An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files.
This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows; all versions of 6.0, 4.2, 4.1, and older releases on Windows.
This issue does not affect Cortex XDR 7.0.
This issue does not affect Traps for Linux or macOS.
| Versions | Affected | Unaffected |
|---|---|---|
| Traps 6.1 | < 6.1.4 on Windows | >= 6.1.4 on Windows |
| Traps 6.0 | 6.0.* on Windows | |
| Traps 5.0 | < 5.0.8 on Windows | >= 5.0.8 on Windows |
| Traps 4.2 | 4.2.* on Windows | |
CVSSv3.1 Base Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CWE-377 Insecure Temporary File
This issue is fixed in Traps 5.0.8, 6.1.4 and later versions.
There are no viable workarounds for this issue.
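
Because there is no workaround, remediation means finding every Windows agent below the fixed releases. The following is an added example, not Palo Alto Networks code: it classifies endpoint inventory rows against the version rules stated in this advisory. The inventory layout, host names, product and platform strings, and the four-part build-suffixed version are constructed assumptions.

```python
import re

# Fixed releases per the advisory; None means no fixed release is listed
# for that release train (all of its Windows versions are affected).
FIXED_IN = {(6, 1): (6, 1, 4), (6, 0): None, (5, 0): (5, 0, 8), (4, 2): None}

def parse_version(text):
    """Leading dotted-numeric part of a version string, as a tuple of ints."""
    m = re.match(r"\s*(\d+(?:\.\d+)+)", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def classify(product, platform, version):
    """Return 'affected', 'unaffected' or 'unknown' for one agent install."""
    product, platform = product.strip().lower(), platform.strip().lower()
    ver = parse_version(version)
    if ver is None:
        return "unknown"
    ver = (ver + (0,))[:3]            # pad "6.1" to 6.1.0, drop any build suffix
    train = ver[:2]
    if product == "cortex xdr":
        return "unaffected" if train == (7, 0) else "unknown"
    if product != "traps":
        return "unknown"
    if platform in ("linux", "macos"):
        return "unaffected"
    if platform != "windows":
        return "unknown"
    if train <= (4, 1):
        return "affected"             # "4.1, and older releases"
    if train not in FIXED_IN:
        return "unknown"              # release train the advisory does not mention
    fixed = FIXED_IN[train]
    return "affected" if fixed is None or ver < fixed else "unaffected"

# Constructed sample inventory rows: (host, product, platform, version).
SAMPLE = [
    ("ws-001", "Traps", "Windows", "6.1.3"),
    ("ws-002", "Traps", "Windows", "6.1.4.1234"),
    ("ws-003", "Traps", "Windows", "6.0.2"),
    ("srv-01", "Traps", "Linux", "6.1.0"),
    ("ws-004", "Cortex XDR", "Windows", "7.0.1"),
]

def triage(rows):
    """Hosts whose install the advisory marks as affected."""
    return [h for h, prod, plat, ver in rows if classify(prod, plat, ver) == "affected"]
```

Rows that come back as "unknown" (an unparseable version, or a product, platform or release train the advisory does not name) need manual review rather than being treated as safe.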