CVE-2020-2049: Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation
First published: Wed Dec 09 2020(Updated: )
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions.
Credit: psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palo Alto Networks Cortex XDR Agent | >=7.1.1<=7.1.3 | |
| Palo Alto Networks Cortex XDR Agent | >=7.2.1<=7.2.2 | |
| Palo Alto Networks Cortex XDR Agent | =7.1 | |
| Palo Alto Networks Cortex XDR Agent | =7.1-content_update149 | |
| Palo Alto Networks Cortex XDR Agent | =7.2 | |
| Palo Alto Networks Cortex XDR Agent | =7.2-content_update149 | |
| Microsoft Windows Operating System |
Remedy
Cortex XDR Agent content update version 150 and all later content update versions resolve this issue for Cortex XDR Agent 7.1 and Cortex XDR Agent 7.2 versions. Cortex XDR Agent 6.1 and Cortex XDR Agent 7.0 are not impacted with the latest content update. Content updates are automatically applied for the agent. A Cortex XDR Agent version upgrade is not required to resolve this issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-2049?
CVE-2020-2049 is classified with a high severity level due to its potential for local privilege escalation.
How do I fix CVE-2020-2049?
To mitigate CVE-2020-2049, users should upgrade the Palo Alto Networks Cortex XDR Agent to a patched version beyond 7.2.2.
Who is affected by CVE-2020-2049?
CVE-2020-2049 affects authenticated local Windows users running specific versions of the Palo Alto Networks Cortex XDR Agent.
Can CVE-2020-2049 be exploited remotely?
No, CVE-2020-2049 requires an authenticated local user access to exploit the vulnerability.
What systems are vulnerable to CVE-2020-2049?
The vulnerability CVE-2020-2049 primarily affects Windows systems with Palo Alto Networks Cortex XDR Agent versions 7.1.1 to 7.2.2.
- agent/type
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/paloaltonetworks
- canonical/palo alto networks cortex xdr agent
- version/palo alto networks cortex xdr agent/7.1.1
- version/palo alto networks cortex xdr agent/7.1.3
- version/palo alto networks cortex xdr agent/7.2.1
- version/palo alto networks cortex xdr agent/7.2.2
- version/palo alto networks cortex xdr agent/7.1
- version/palo alto networks cortex xdr agent/7.1-content_update149
- version/palo alto networks cortex xdr agent/7.2
- version/palo alto networks cortex xdr agent/7.2-content_update149
- vendor/microsoft
- canonical/microsoft windows operating system