An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or…
palo_alto·CWE-377·Published 2020-04-08
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.
Una vulnerabilidad de archivo temporal no seguro en Palo Alto Networks Traps, permite a un usuario de Windows autenticado local escalar privilegios o sobrescribir archivos del sistema. Este problema afecta a Palo Alto Networks Traps versiones 5.0 anteriores a 5.0.8; versiones 6.1 anteriores a 6.1.4 en Windows. Este problema no afecta a Cortex XDR versión 7.0. Este problema no afecta a Traps para Linux o MacOS.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 3.6 | 3.9 | 4.9 | AV:L/AC:L/Au:N/C:N/I:P/A:P |
| 3.1 | Primary | cve.org | 7.8 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 7.8 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 7.1 | 1.8 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| 3.1 | Secondary | NVD | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |