CVE-2020-2020
MEDIUMCortex XDR Agent 5.0-5.0.9, 6.1-6.1.6, 7.0-7.0.2, 7.1-7.1.1 - DoS via Program Directory File Creation
Title source: llmDescription
An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR Agent from starting when the software or machine is restarted. This issue impacts: Cortex XDR Agent 5.0 versions earlier than 5.0.10; Cortex XDR Agent 6.1 versions earlier than 6.1.7; Cortex XDR Agent 7.0 versions earlier than 7.0.3; Cortex XDR Agent 7.1 versions earlier than 7.1.2.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2020-2020
Scores
CVSS v3
5.5
EPSS
0.0006
EPSS Percentile
18.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-755
Status
published
Products (1)
paloaltonetworks/cortex_xdr_agent
5.0 - 5.0.10
Published
Dec 09, 2020
Tracked Since
Feb 18, 2026