CVE-2020-2020: 
Cortex XDR vulnerability analysis and mitigation

An improper handling of exceptional conditions vulnerability (CVE-2020-2020) was discovered in Palo Alto Networks' Cortex XDR Agent. The vulnerability was disclosed on December 9, 2020, affecting multiple versions of the Cortex XDR Agent including versions 5.0 (earlier than 5.0.10), 6.1 (earlier than 6.1.7), 7.0 (earlier than 7.0.3), and 7.1 (earlier than 7.1.2). The vulnerability was discovered externally by Paul van der Haas of Orange Cyberdefense (Palo Alto Networks).

The vulnerability is classified as an improper handling of exceptional conditions (CWE-755). It received a CVSS v3.1 Base Score of 5.5 (MEDIUM), with attack vector being LOCAL, attack complexity LOW, and requiring LOW privileges with no user interaction. The vulnerability specifically affects the software's ability to handle exceptional conditions in its internal program directory (Palo Alto Networks).

When exploited, this vulnerability allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The impact is persistent, meaning the Cortex XDR Agent remains unable to start even after software or machine restart (Palo Alto Networks).

The vulnerability has been fixed in Cortex XDR Agent versions 5.0.10, 6.1.7, 7.0.3, 7.1.2, and all later versions. Users are advised to upgrade to these patched versions to mitigate the vulnerability (Palo Alto Networks).