CVE-2020-1991

Summary

An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksTraps5.0 < 5.0.8affected
Palo Alto NetworksTraps6.1 < 6.1.4affected
Palo Alto NetworksCortex XDR7.0.*unaffected

Weaknesses

  • CWE-377: CWE-377 Insecure Temporary File

Workarounds

There are no viable workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References