Vulnerability in Microsoft Windows
CVE-2020-2049
A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the…
EPSS: 0.003 (26.0th percentile)
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Windows
- Palo Alto Networks Cortex XDR Agent — versions 7.1.* with content update 150, 7.1.* without content update 150, 7.2.* with content update 150
- Paloaltonetworks Cortex_xdr_agent — versions 7.1, 7.2
Weakness classification (CWE)
References
- psirt@paloaltonetworks.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-2049?
  CVE-2020-2049 is a high-severity vulnerability in Microsoft Windows, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2020-12-09.
- How severe is CVE-2020-2049?
  High severity. CVSS v3 base score is 7.8 out of 10.