CVE-2020-2020 - Vulnerability Details - OpenCVE

An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00058.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks	Cortex Xdr Agent

Configuration 1 [-]

OR	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::
	cpe:2.3:a:paloaltonetworks:cortex_xdr_agent::::::::

No data.

No data.

Fixes

Solution

This issue is fixed in Cortex XDR Agent 5.0.10, Cortex XDR Agent 6.1.7, Cortex XDR Agent 7.0.3, Cortex XDR Agent 7.1.2, and all later Cortex XDR Agent versions.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2020-2020

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2020-12-09T18:00:14.069887Z

Updated: 2024-09-16T20:17:18.893Z

Reserved: 2019-12-04T00:00:00

Link: CVE-2020-2020

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-09T18:15:10.663

Modified: 2024-11-21T05:24:28.077

Link: CVE-2020-2020

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "7.0.3", "status": "unaffected"}], "lessThan": "7.0.3", "status": "affected", "version": "7.0", "versionType": "custom"}, {"changes": [{"at": "7.1.2", "status": "unaffected"}], "lessThan": "7.1.2", "status": "affected", "version": "7.1", "versionType": "custom"}, {"changes": [{"at": "5.0.10", "status": "unaffected"}], "lessThan": "5.0.10", "status": "affected", "version": "5.0", "versionType": "custom"}, {"changes": [{"at": "6.1.7", "status": "unaffected"}], "lessThan": "6.1.7", "status": "affected", "version": "6.1", "versionType": "custom"}, {"lessThan": "7.2*", "status": "unaffected", "version": "7.2.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Palo Alto Networks thanks Paul van der Haas of Orange Cyberdefense for discovering and reporting this issue."}], "datePublic": "2020-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-09T18:00:13", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2020-2020"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XDR Agent 5.0.10, Cortex XDR Agent 6.1.7, Cortex XDR Agent 7.0.3, Cortex XDR Agent 7.1.2, and all later Cortex XDR Agent versions."}], "source": {"defect": ["CPATR-9871"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2020-12-09T00:00:00", "value": "Initial publication"}], "title": "Cortex XDR Agent: Exceptional condition denial-of-service (DoS)", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2020-12-09T17:00:00.000Z", "ID": "CVE-2020-2020", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Exceptional condition denial-of-service (DoS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XDR Agent", "version": {"version_data": [{"version_affected": "<", "version_name": "7.0", "version_value": "7.0.3"}, {"version_affected": "<", "version_name": "7.1", "version_value": "7.1.2"}, {"version_affected": "<", "version_name": "5.0", "version_value": "5.0.10"}, {"version_affected": "<", "version_name": "6.1", "version_value": "6.1.7"}, {"version_affected": "!>=", "version_name": "7.0", "version_value": "7.0.3"}, {"version_affected": "!>=", "version_name": "7.1", "version_value": "7.1.2"}, {"version_affected": "!>=", "version_name": "5.0", "version_value": "5.0.10"}, {"version_affected": "!>=", "version_name": "6.1", "version_value": "6.1.7"}, {"version_affected": "!>=", "version_name": "7.2", "version_value": "7.2.0"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Paul van der Haas of Orange Cyberdefense for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755 Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2020-2020", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2020-2020"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR Agent 5.0.10, Cortex XDR Agent 6.1.7, Cortex XDR Agent 7.0.3, Cortex XDR Agent 7.1.2, and all later Cortex XDR Agent versions."}], "source": {"defect": ["CPATR-9871"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2020-12-09T00:00:00", "value": "Initial publication"}], "x_affectedList": ["Cortex XDR Agent 7.1", "Cortex XDR Agent 7.0", "Cortex XDR Agent 6.1", "Cortex XDR Agent 5.0"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:54:00.594Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2020-2020"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2020-2020", "datePublished": "2020-12-09T18:00:14.069887Z", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2024-09-16T20:17:18.893Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "A75398A3-ED40-4983-A80A-ECAE760B5400", "versionEndExcluding": "5.0.10", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC3EA409-30E8-4E2D-B1B5-F2C946F3613B", "versionEndExcluding": "6.1.7", "versionStartIncluding": "6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "762B2DF4-229D-4755-A0B3-47D4BFD8C21A", "versionEndExcluding": "7.0.3", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2A974F5-3BEE-496F-8833-F7DC4D86C56D", "versionEndExcluding": "7.1.2", "versionStartIncluding": "7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2."}, {"lang": "es", "value": "Un manejo inapropiado de una vulnerabilidad de condiciones excepcionales en Cortex XDR Agent permite a un usuario de Windows autenticado localmente crear archivos en el directorio de programa interno del software que impide que se inicie Cortex XDR Agent. La condici\u00f3n excepcional es persistente e impide que Cortex XDR Agent se inicie cuando se reinicia el software o la m\u00e1quina. Este problema afecta a: Cortex XDR Agent versiones 5.0 anteriores a 5.0.10; Cortex XDR Agent versiones 6.1 anteriores a 6.1.7; Cortex XDR Agent versiones 7.0 anteriores a 7.0.3; Cortex XDR Agent versiones 7.1 anteriores a 7.1.2"}], "id": "CVE-2020-2020", "lastModified": "2024-11-21T05:24:28.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2020-12-09T18:15:10.663", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-2020"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2020-2020"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}