Main Vulnerability Database SB2020121006

SB2020121006 - Denial of service in Palo Alto Cortex XDR Agent for Windows

Published: December 10, 2020

Security Bulletin ID SB2020121006

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Error handling (CVE-ID: CVE-2020-2020)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient handling of exceptional conditions in in Cortex XDR Agent. A local user can create files in the software's internal program directory that prevents the Cortex XDR Agent from starting when the software or machine is restarted.

Remediation

Install update from vendor's website.

References

https://security.paloaltonetworks.com/CVE-2020-2020