CVE-2020-2020

MEDIUM

Paloaltonetworks Cortex Xdr Agent - Improper Exception Handling

Title source: rule

Description

An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.

References (1)

[Vendor Advisory] https://security.paloaltonetworks.com/CVE-2020-2020

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (1)

paloaltonetworks/cortex_xdr_agent < 5.0.10

Timeline

Published Dec 09, 2020

Tracked Since Feb 18, 2026