CVE-2020-1991 Traps: Insecure temporary file vulnerability may allow privilege escalation on Windows
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files.
This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows; all versions of 6.0, 4.2, 4.1, and older releases on Windows.
This issue does not affect Cortex XDR 7.0.
This issue does not affect Traps for Linux or macOS.
| Versions | Affected | Unaffected |
|---|---|---|
| Traps 6.1 | < 6.1.4 on Windows | >= 6.1.4 on Windows |
| Traps 6.0 | 6.0.* on Windows | |
| Traps 5.0 | < 5.0.8 on Windows | >= 5.0.8 on Windows |
| Traps 4.2 | 4.2.* on Windows | |
CVSSv3.1 Base Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
This issue is fixed in Traps 5.0.8, 6.1.4 and later versions.
Workarounds and Mitigations
There are no viable workarounds for this issue.