CVE-2020-1991 – Traps: Insecure temporary file vulnerability may allow privilege escalation on Windows
https://notcve.org/view.php?id=CVE-2020-1991
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.
• https://security.paloaltonetworks.com/CVE-2020-1991
• CWE-269: Improper Privilege Management
• CWE-377: Insecure Temporary File
CVE-2019-1577
https://notcve.org/view.php?id=CVE-2019-1577
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.
• http://www.securityfocus.com/bid/109053
• https://security.paloaltonetworks.com/CVE-2019-1577
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2017-7408
https://notcve.org/view.php?id=CVE-2017-7408
Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.
• http://www.securityfocus.com/bid/97533
• https://security.paloaltonetworks.com/CVE-2017-7408
• https://www.paloaltonetworks.com/documentation/34/endpoint/traps-release-notes/traps-3-4-4-addressed-issues.html
• CWE-20: Improper Input Validation