CVE-2020-2032 (GCVE-0-2020-2032)
Vulnerability from – Published: 2020-06-10 17:29 – Updated: 2024-09-17 02:27
VLAI?
Title
GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade
Summary
A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App |
Affected:
5.1 , < 5.1.4
(custom)
Affected: 5.0 , < 5.0.10 (custom) |
Credits
Palo Alto Networks thanks Rich Mirch of TeamARES from Critical Start Inc for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-2032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.1.4",
"status": "unaffected"
}
],
"lessThan": "5.1.4",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.0.10",
"status": "unaffected"
}
],
"lessThan": "5.0.10",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Rich Mirch of TeamARES from Critical Start Inc for discovering and reporting this issue."
}
],
"datePublic": "2020-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T17:29:03",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-2032"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.0.10, GlobalProtect app 5.1.4, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-10583"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-06-10T00:00:00",
"value": "Initial publication"
}
],
"title": "GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-06-10T16:00:00.000Z",
"ID": "CVE-2020-2032",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.4"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.4"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.10"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.10"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Rich Mirch of TeamARES from Critical Start Inc for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-2032",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2032"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.0.10, GlobalProtect app 5.1.4, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-10583"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-06-10T00:00:00",
"value": "Initial publication"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-2032",
"datePublished": "2020-06-10T17:29:03.167538Z",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-09-17T02:27:10.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0016 (GCVE-0-2022-0016)
Vulnerability from – Published: 2022-02-10 18:10 – Updated: 2024-09-17 02:00
VLAI?
Title
GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon
Summary
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.
Severity ?
7.4 (High)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App |
Affected:
5.2 , < 5.2.9
(custom)
|
|||||||
|
|||||||||
Credits
Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows and MacOS"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.2.9",
"status": "unaffected"
}
],
"lessThan": "5.2.9",
"status": "affected",
"version": "5.2",
"versionType": "custom"
}
]
},
{
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "5.3.*"
},
{
"lessThan": "5.1*",
"status": "unaffected",
"version": "5.1.*",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue."
}
],
"datePublic": "2022-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-10T18:10:16",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0016"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and MacOS, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-14404",
"GPC-13685",
"GPC-14747"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00",
"value": "Initial publication"
}
],
"title": "GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
"ID": "CVE-2022-0016",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Windows and MacOS",
"version_affected": "\u003c",
"version_name": "5.2",
"version_value": "5.2.9"
},
{
"platform": "Windows and MacOS",
"version_affected": "!\u003e=",
"version_name": "5.2",
"version_value": "5.2.9"
},
{
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.*"
},
{
"version_affected": "!",
"version_name": "5.3",
"version_value": "5.3.*"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
}
],
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0016",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0016"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and MacOS, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-14404",
"GPC-13685",
"GPC-14747"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_advisoryEoL": true,
"x_affectedList": [
"GlobalProtect App 5.2.8",
"GlobalProtect App 5.2.7",
"GlobalProtect App 5.2.6",
"GlobalProtect App 5.2.5",
"GlobalProtect App 5.2.4",
"GlobalProtect App 5.2.3",
"GlobalProtect App 5.2.2",
"GlobalProtect App 5.2.1",
"GlobalProtect App 5.2.0",
"GlobalProtect App 5.2"
],
"x_likelyAffectedList": [
"GlobalProtect App 5.0.10",
"GlobalProtect App 5.0.9",
"GlobalProtect App 5.0.8",
"GlobalProtect App 5.0.7",
"GlobalProtect App 5.0.6",
"GlobalProtect App 5.0.5",
"GlobalProtect App 5.0.4",
"GlobalProtect App 5.0.3",
"GlobalProtect App 5.0.2",
"GlobalProtect App 5.0.1",
"GlobalProtect App 5.0.0",
"GlobalProtect App 5.0",
"GlobalProtect App 4.1.13",
"GlobalProtect App 4.1.12",
"GlobalProtect App 4.1.11",
"GlobalProtect App 4.1.10",
"GlobalProtect App 4.1.9",
"GlobalProtect App 4.1.8",
"GlobalProtect App 4.1.7",
"GlobalProtect App 4.1.6",
"GlobalProtect App 4.1.5",
"GlobalProtect App 4.1.4",
"GlobalProtect App 4.1.3",
"GlobalProtect App 4.1.2",
"GlobalProtect App 4.1.1",
"GlobalProtect App 4.1.0",
"GlobalProtect App 4.1",
"GlobalProtect App 4.0.8",
"GlobalProtect App 4.0.7",
"GlobalProtect App 4.0.6",
"GlobalProtect App 4.0.5",
"GlobalProtect App 4.0.4",
"GlobalProtect App 4.0.3",
"GlobalProtect App 4.0.2",
"GlobalProtect App 4.0.0",
"GlobalProtect App 4.0",
"GlobalProtect App 3.1.6",
"GlobalProtect App 3.1.5",
"GlobalProtect App 3.1.4",
"GlobalProtect App 3.1.3",
"GlobalProtect App 3.1.1",
"GlobalProtect App 3.1.0",
"GlobalProtect App 3.1",
"GlobalProtect App 3.0.3",
"GlobalProtect App 3.0.2",
"GlobalProtect App 3.0.1",
"GlobalProtect App 3.0.0",
"GlobalProtect App 3.0",
"GlobalProtect App 2.3.5",
"GlobalProtect App 2.3.4",
"GlobalProtect App 2.3.3",
"GlobalProtect App 2.3.2",
"GlobalProtect App 2.3.1",
"GlobalProtect App 2.3.0",
"GlobalProtect App 2.3",
"GlobalProtect App 2.2.2",
"GlobalProtect App 2.2.1",
"GlobalProtect App 2.2.0",
"GlobalProtect App 2.2",
"GlobalProtect App 2.1.4",
"GlobalProtect App 2.1.3",
"GlobalProtect App 2.1.2",
"GlobalProtect App 2.1.1",
"GlobalProtect App 2.1.0",
"GlobalProtect App 2.1",
"GlobalProtect App 2.0.5",
"GlobalProtect App 2.0.4",
"GlobalProtect App 2.0.3",
"GlobalProtect App 2.0.2",
"GlobalProtect App 2.0.1",
"GlobalProtect App 2.0.0",
"GlobalProtect App 2.0",
"GlobalProtect App 1.2.11",
"GlobalProtect App 1.2.10",
"GlobalProtect App 1.2.9",
"GlobalProtect App 1.2.8",
"GlobalProtect App 1.2.7",
"GlobalProtect App 1.2.6",
"GlobalProtect App 1.2.5",
"GlobalProtect App 1.2.4",
"GlobalProtect App 1.2.3",
"GlobalProtect App 1.2.2",
"GlobalProtect App 1.2.1",
"GlobalProtect App 1.2.0",
"GlobalProtect App 1.2",
"GlobalProtect App 1.1.8",
"GlobalProtect App 1.1.7",
"GlobalProtect App 1.1.6",
"GlobalProtect App 1.1.5",
"GlobalProtect App 1.1.4",
"GlobalProtect App 1.1.3",
"GlobalProtect App 1.1.2",
"GlobalProtect App 1.1.1",
"GlobalProtect App 1.1.0",
"GlobalProtect App 1.1",
"GlobalProtect App 1.0.8",
"GlobalProtect App 1.0.7",
"GlobalProtect App 1.0.5",
"GlobalProtect App 1.0.3",
"GlobalProtect App 1.0.1",
"GlobalProtect App 1.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0016",
"datePublished": "2022-02-10T18:10:16.879284Z",
"dateReserved": "2021-12-28T00:00:00",
"dateUpdated": "2024-09-17T02:00:45.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1976 (GCVE-0-2020-1976)
Vulnerability from – Published: 2020-02-12 22:57 – Updated: 2024-09-17 01:51
VLAI?
Title
GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.
Summary
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.
Severity ?
4.7 (Medium)
CWE
- CWE-642 - External Control of Critical State Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect |
Affected:
5.0 , ≤ 5.0.5
(custom)
|
Credits
This issue was discovered during a security test performed in collaboration with IOActive.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Mac OS"
],
"product": "GlobalProtect",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered during a security test performed in collaboration with IOActive."
}
],
"datePublic": "2020-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-642",
"description": "CWE-642 External Control of Critical State Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T22:57:08",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
}
],
"source": {
"defect": [
"GPC-9616"
],
"discovery": "INTERNAL"
},
"title": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.",
"workarounds": [
{
"lang": "en",
"value": "n/a"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
"ID": "CVE-2020-1976",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect",
"version": {
"version_data": [
{
"platform": "Mac OS",
"version_affected": "\u003c=",
"version_name": "5.0",
"version_value": "5.0.5"
},
{
"platform": "Mac OS",
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.6"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered during a security test performed in collaboration with IOActive."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-642 External Control of Critical State Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-1976",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
}
],
"source": {
"defect": [
"GPC-9616"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "n/a"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-1976",
"datePublished": "2020-02-12T22:57:08.144091Z",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-09-17T01:51:07.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1976 (GCVE-0-2020-1976)
Vulnerability from – Published: 2020-02-12 22:57 – Updated: 2024-09-17 01:51
VLAI?
Title
GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.
Summary
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.
Severity ?
4.7 (Medium)
CWE
- CWE-642 - External Control of Critical State Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect |
Affected:
5.0 , ≤ 5.0.5
(custom)
|
Credits
This issue was discovered during a security test performed in collaboration with IOActive.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Mac OS"
],
"product": "GlobalProtect",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered during a security test performed in collaboration with IOActive."
}
],
"datePublic": "2020-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-642",
"description": "CWE-642 External Control of Critical State Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T22:57:08",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
}
],
"source": {
"defect": [
"GPC-9616"
],
"discovery": "INTERNAL"
},
"title": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.",
"workarounds": [
{
"lang": "en",
"value": "n/a"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
"ID": "CVE-2020-1976",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect",
"version": {
"version_data": [
{
"platform": "Mac OS",
"version_affected": "\u003c=",
"version_name": "5.0",
"version_value": "5.0.5"
},
{
"platform": "Mac OS",
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.6"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered during a security test performed in collaboration with IOActive."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-642 External Control of Critical State Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-1976",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
}
],
"source": {
"defect": [
"GPC-9616"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "n/a"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-1976",
"datePublished": "2020-02-12T22:57:08.144091Z",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-09-17T01:51:07.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3057 (GCVE-0-2021-3057)
Vulnerability from – Published: 2021-10-13 16:10 – Updated: 2024-09-17 01:35
VLAI?
Title
GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway
Summary
A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux.
Severity ?
8.1 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App |
Affected:
5.1 , < 5.1.9
(custom)
Affected: 5.2 , < 5.2.8 (custom) |
||||||||||||
|
||||||||||||||
Credits
Palo Alto Networks thanks Tomas Rzepka of F-Secure for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.1.9",
"status": "unaffected"
}
],
"lessThan": "5.1.9",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.2.8",
"status": "unaffected"
}
],
"lessThan": "5.2.8",
"status": "affected",
"version": "5.2",
"versionType": "custom"
}
]
},
{
"platforms": [
"Linux"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.3.1",
"status": "unaffected"
}
],
"lessThan": "5.3.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
},
{
"platforms": [
"Universal Windows Platform"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.2.8",
"status": "unaffected"
}
],
"lessThan": "5.2.8",
"status": "affected",
"version": "5.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Tomas Rzepka of F-Secure for discovering and reporting this issue."
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T16:10:10",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2021-3057"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.1.9 on Windows, GlobalProtect app 5.2.8 on Windows and on Universal Windows Platform, GlobalProtect app 5.3.1 on Linux, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-13039"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-10-13T00:00:00",
"value": "Initial publication"
}
],
"title": "GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-3057",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.9"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.2",
"version_value": "5.2.8"
},
{
"platform": "Linux",
"version_affected": "\u003c",
"version_name": "5.3",
"version_value": "5.3.1"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.9"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "5.2",
"version_value": "5.2.8"
},
{
"platform": "Linux",
"version_affected": "!\u003e=",
"version_name": "5.3",
"version_value": "5.3.1"
},
{
"platform": "Universal Windows Platform",
"version_affected": "\u003c",
"version_name": "5.2",
"version_value": "5.2.8"
},
{
"platform": "Universal Windows Platform",
"version_affected": "!\u003e=",
"version_name": "5.2",
"version_value": "5.2.8"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Tomas Rzepka of F-Secure for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2021-3057",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2021-3057"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.1.9 on Windows, GlobalProtect app 5.2.8 on Windows and on Universal Windows Platform, GlobalProtect app 5.3.1 on Linux, and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-13039"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2021-10-13T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_advisoryEoL": true,
"x_affectedList": [
"GlobalProtect App 5.3.0",
"GlobalProtect App 5.3",
"GlobalProtect App 5.2.7",
"GlobalProtect App 5.2.6",
"GlobalProtect App 5.2.5",
"GlobalProtect App 5.2.4",
"GlobalProtect App 5.2.3",
"GlobalProtect App 5.2.2",
"GlobalProtect App 5.2.1",
"GlobalProtect App 5.2.0",
"GlobalProtect App 5.2",
"GlobalProtect App 5.1.8",
"GlobalProtect App 5.1.7",
"GlobalProtect App 5.1.6",
"GlobalProtect App 5.1.5",
"GlobalProtect App 5.1.4",
"GlobalProtect App 5.1.3",
"GlobalProtect App 5.1.1",
"GlobalProtect App 5.1.0",
"GlobalProtect App 5.1"
],
"x_likelyAffectedList": [
"GlobalProtect App 5.0.10",
"GlobalProtect App 5.0.9",
"GlobalProtect App 5.0.8",
"GlobalProtect App 5.0.7",
"GlobalProtect App 5.0.6",
"GlobalProtect App 5.0.5",
"GlobalProtect App 5.0.4",
"GlobalProtect App 5.0.3",
"GlobalProtect App 5.0.2",
"GlobalProtect App 5.0.1",
"GlobalProtect App 5.0.0",
"GlobalProtect App 5.0",
"GlobalProtect App 4.1.13",
"GlobalProtect App 4.1.12",
"GlobalProtect App 4.1.11",
"GlobalProtect App 4.1.10",
"GlobalProtect App 4.1.9",
"GlobalProtect App 4.1.8",
"GlobalProtect App 4.1.7",
"GlobalProtect App 4.1.6",
"GlobalProtect App 4.1.5",
"GlobalProtect App 4.1.4",
"GlobalProtect App 4.1.3",
"GlobalProtect App 4.1.2",
"GlobalProtect App 4.1.1",
"GlobalProtect App 4.1.0",
"GlobalProtect App 4.1",
"GlobalProtect App 4.0.8",
"GlobalProtect App 4.0.7",
"GlobalProtect App 4.0.6",
"GlobalProtect App 4.0.5",
"GlobalProtect App 4.0.4",
"GlobalProtect App 4.0.3",
"GlobalProtect App 4.0.2",
"GlobalProtect App 4.0.0",
"GlobalProtect App 4.0",
"GlobalProtect App 3.1.6",
"GlobalProtect App 3.1.5",
"GlobalProtect App 3.1.4",
"GlobalProtect App 3.1.3",
"GlobalProtect App 3.1.1",
"GlobalProtect App 3.1.0",
"GlobalProtect App 3.1",
"GlobalProtect App 3.0.3",
"GlobalProtect App 3.0.2",
"GlobalProtect App 3.0.1",
"GlobalProtect App 3.0.0",
"GlobalProtect App 3.0",
"GlobalProtect App 2.3.5",
"GlobalProtect App 2.3.4",
"GlobalProtect App 2.3.3",
"GlobalProtect App 2.3.2",
"GlobalProtect App 2.3.1",
"GlobalProtect App 2.3.0",
"GlobalProtect App 2.3",
"GlobalProtect App 2.2.2",
"GlobalProtect App 2.2.1",
"GlobalProtect App 2.2.0",
"GlobalProtect App 2.2",
"GlobalProtect App 2.1.4",
"GlobalProtect App 2.1.3",
"GlobalProtect App 2.1.2",
"GlobalProtect App 2.1.1",
"GlobalProtect App 2.1.0",
"GlobalProtect App 2.1",
"GlobalProtect App 2.0.5",
"GlobalProtect App 2.0.4",
"GlobalProtect App 2.0.3",
"GlobalProtect App 2.0.2",
"GlobalProtect App 2.0.1",
"GlobalProtect App 2.0.0",
"GlobalProtect App 2.0",
"GlobalProtect App 1.2.11",
"GlobalProtect App 1.2.10",
"GlobalProtect App 1.2.9",
"GlobalProtect App 1.2.8",
"GlobalProtect App 1.2.7",
"GlobalProtect App 1.2.6",
"GlobalProtect App 1.2.5",
"GlobalProtect App 1.2.4",
"GlobalProtect App 1.2.3",
"GlobalProtect App 1.2.2",
"GlobalProtect App 1.2.1",
"GlobalProtect App 1.2.0",
"GlobalProtect App 1.2",
"GlobalProtect App 1.1.8",
"GlobalProtect App 1.1.7",
"GlobalProtect App 1.1.6",
"GlobalProtect App 1.1.5",
"GlobalProtect App 1.1.4",
"GlobalProtect App 1.1.3",
"GlobalProtect App 1.1.2",
"GlobalProtect App 1.1.1",
"GlobalProtect App 1.1.0",
"GlobalProtect App 1.1",
"GlobalProtect App 1.0.8",
"GlobalProtect App 1.0.7",
"GlobalProtect App 1.0.5",
"GlobalProtect App 1.0.3",
"GlobalProtect App 1.0.1",
"GlobalProtect App 1.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2021-3057",
"datePublished": "2021-10-13T16:10:10.405531Z",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-09-17T01:35:48.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2004 (GCVE-0-2020-2004)
Vulnerability from – Published: 2020-05-13 19:07 – Updated: 2024-09-17 01:30
VLAI?
Title
GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs
Summary
Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) 'Save User Credential' option should be set to 'Yes' in the GlobalProtect Portal's Agent configuration, (2) the GlobalProtect user manually selects a gateway, (3) and the logging level is set to 'Dump' while collecting troubleshooting logs. This issue does not affect GlobalProtect app on other platforms (for example iOS/Android/Linux). This issue affects GlobalProtect app 5.0 versions earlier than 5.0.9, GlobalProtect app 5.1 versions earlier than 5.1.2 on Windows or MacOS. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the known GlobalProtectLogs zip files sent by customers with the credentials. We now filter and remove these credentials from all files sent to Customer Support. The GlobalProtectLogs zip files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials.
Severity ?
6.8 (Medium)
CWE
- CWE-534 - Information Exposure Through Debug Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App |
Affected:
5.0 , < 5.0.9
(custom)
Affected: 5.1 , < 5.1.2 (custom) |
|||||||
|
|||||||||
Credits
This issue was found by Navin Vasan of Palo Alto Networks during internal security review.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-2004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows and MacOS"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThan": "5.0.9",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.1.2",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
},
{
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThan": "5.0*",
"status": "unaffected",
"version": "5.0.9",
"versionType": "custom"
},
{
"lessThan": "5.1*",
"status": "unaffected",
"version": "5.1.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Navin Vasan of Palo Alto Networks during internal security review."
}
],
"datePublic": "2020-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances a user\u0027s password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) \u0027Save User Credential\u0027 option should be set to \u0027Yes\u0027 in the GlobalProtect Portal\u0027s Agent configuration, (2) the GlobalProtect user manually selects a gateway, (3) and the logging level is set to \u0027Dump\u0027 while collecting troubleshooting logs. This issue does not affect GlobalProtect app on other platforms (for example iOS/Android/Linux). This issue affects GlobalProtect app 5.0 versions earlier than 5.0.9, GlobalProtect app 5.1 versions earlier than 5.1.2 on Windows or MacOS. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the known GlobalProtectLogs zip files sent by customers with the credentials. We now filter and remove these credentials from all files sent to Customer Support. The GlobalProtectLogs zip files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-534",
"description": "CWE-534 Information Exposure Through Debug Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T19:07:14",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-2004"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.0.9; GlobalProtect app 5.1.2; and all later GlobalProtect app versions.\n\nGlobalProtect app 4.1 is now End-of-life as of March 1, 2020 and is no longer covered by our Product Security Assurance policies."
}
],
"source": {
"defect": [
"GPC-10404"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-05-13T00:00:00",
"value": "Initial publication"
}
],
"title": "GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs",
"workarounds": [
{
"lang": "en",
"value": "Multiple workarounds exists for this issue:\n1. Do not set the \u0027Logging Level\u0027 option to \u0027Dump\u0027 while collecting troubleshooting logs. This issue does not occur when the \u0027Logging Level\u0027 is set to \u0027Debug\u0027.\n2. Set the \u0027Save User Credential\u0027 option to \u0027No\u0027 in the GlobalProtect Portal\u0027s Agent configuration.\n3. Use Single-Sign-On (SSO) feature instead of the \u2018Save User Credential\u2019 option."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-05-13T16:00:00.000Z",
"ID": "CVE-2020-2004",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Windows and MacOS",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.9"
},
{
"platform": "Windows and MacOS",
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.2"
},
{
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.9"
},
{
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.2"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Navin Vasan of Palo Alto Networks during internal security review."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain circumstances a user\u0027s password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) \u0027Save User Credential\u0027 option should be set to \u0027Yes\u0027 in the GlobalProtect Portal\u0027s Agent configuration, (2) the GlobalProtect user manually selects a gateway, (3) and the logging level is set to \u0027Dump\u0027 while collecting troubleshooting logs. This issue does not affect GlobalProtect app on other platforms (for example iOS/Android/Linux). This issue affects GlobalProtect app 5.0 versions earlier than 5.0.9, GlobalProtect app 5.1 versions earlier than 5.1.2 on Windows or MacOS. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the known GlobalProtectLogs zip files sent by customers with the credentials. We now filter and remove these credentials from all files sent to Customer Support. The GlobalProtectLogs zip files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-534 Information Exposure Through Debug Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-2004",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-2004"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.0.9; GlobalProtect app 5.1.2; and all later GlobalProtect app versions.\n\nGlobalProtect app 4.1 is now End-of-life as of March 1, 2020 and is no longer covered by our Product Security Assurance policies."
}
],
"source": {
"defect": [
"GPC-10404"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-05-13T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "Multiple workarounds exists for this issue:\n1. Do not set the \u0027Logging Level\u0027 option to \u0027Dump\u0027 while collecting troubleshooting logs. This issue does not occur when the \u0027Logging Level\u0027 is set to \u0027Debug\u0027.\n2. Set the \u0027Save User Credential\u0027 option to \u0027No\u0027 in the GlobalProtect Portal\u0027s Agent configuration.\n3. Use Single-Sign-On (SSO) feature instead of the \u2018Save User Credential\u2019 option."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-2004",
"datePublished": "2020-05-13T19:07:14.220187Z",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-09-17T01:30:43.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0018 (GCVE-0-2022-0018)
Vulnerability from – Published: 2022-02-10 18:10 – Updated: 2024-09-16 23:36
VLAI?
Title
GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled
Summary
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user's local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms.
Severity ?
6.1 (Medium)
CWE
- CWE-201 - Information Exposure Through Sent Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App |
Affected:
5.2 , < 5.2.9
(custom)
Affected: 5.1 , < 5.1.10 (custom) |
|||||||
|
|||||||||
Credits
Palo Alto Networks thanks Irina Belyaeva of Jet Infosystems for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows and MacOS"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.2.9",
"status": "unaffected"
}
],
"lessThan": "5.2.9",
"status": "affected",
"version": "5.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.1.10",
"status": "unaffected"
}
],
"lessThan": "5.1.10",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
},
{
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "5.3.*"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Irina Belyaeva of Jet Infosystems for discovering and reporting this issue."
}
],
"datePublic": "2022-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user\u0027s local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Information Exposure Through Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-10T18:10:20",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0018"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Windows and MacOS, GlobalProtect app 5.2.9 on Windows and MacOS, and all later GlobalProtect app versions with the \u2018force-disable-sso\u2019 app setting.\n\nSet \u2018force-disable-sso\u2019 to \u2018yes\u2019 to prevent unintended transmission of the local user credentials as described here:\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/app-behavior-options.html"
}
],
"source": {
"defect": [
"GPC-14203"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00",
"value": "Initial publication"
}
],
"title": "GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
"ID": "CVE-2022-0018",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Windows and MacOS",
"version_affected": "\u003c",
"version_name": "5.2",
"version_value": "5.2.9"
},
{
"platform": "Windows and MacOS",
"version_affected": "!\u003e=",
"version_name": "5.2",
"version_value": "5.2.9"
},
{
"platform": "Windows and MacOS",
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.10"
},
{
"platform": "Windows and MacOS",
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.10"
},
{
"version_affected": "!",
"version_name": "5.3",
"version_value": "5.3.*"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Irina Belyaeva of Jet Infosystems for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user\u0027s local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201 Information Exposure Through Sent Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0018",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0018"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Windows and MacOS, GlobalProtect app 5.2.9 on Windows and MacOS, and all later GlobalProtect app versions with the \u2018force-disable-sso\u2019 app setting.\n\nSet \u2018force-disable-sso\u2019 to \u2018yes\u2019 to prevent unintended transmission of the local user credentials as described here:\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/app-behavior-options.html"
}
],
"source": {
"defect": [
"GPC-14203"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_advisoryEoL": true,
"x_affectedList": [
"GlobalProtect App 5.2.8",
"GlobalProtect App 5.2.7",
"GlobalProtect App 5.2.6",
"GlobalProtect App 5.2.5",
"GlobalProtect App 5.2.4",
"GlobalProtect App 5.2.3",
"GlobalProtect App 5.2.2",
"GlobalProtect App 5.2.1",
"GlobalProtect App 5.2.0",
"GlobalProtect App 5.2",
"GlobalProtect App 5.1.9",
"GlobalProtect App 5.1.8",
"GlobalProtect App 5.1.7",
"GlobalProtect App 5.1.6",
"GlobalProtect App 5.1.5",
"GlobalProtect App 5.1.4",
"GlobalProtect App 5.1.3",
"GlobalProtect App 5.1.1",
"GlobalProtect App 5.1.0",
"GlobalProtect App 5.1"
],
"x_likelyAffectedList": [
"GlobalProtect App 5.0.10",
"GlobalProtect App 5.0.9",
"GlobalProtect App 5.0.8",
"GlobalProtect App 5.0.7",
"GlobalProtect App 5.0.6",
"GlobalProtect App 5.0.5",
"GlobalProtect App 5.0.4",
"GlobalProtect App 5.0.3",
"GlobalProtect App 5.0.2",
"GlobalProtect App 5.0.1",
"GlobalProtect App 5.0.0",
"GlobalProtect App 5.0",
"GlobalProtect App 4.1.13",
"GlobalProtect App 4.1.12",
"GlobalProtect App 4.1.11",
"GlobalProtect App 4.1.10",
"GlobalProtect App 4.1.9",
"GlobalProtect App 4.1.8",
"GlobalProtect App 4.1.7",
"GlobalProtect App 4.1.6",
"GlobalProtect App 4.1.5",
"GlobalProtect App 4.1.4",
"GlobalProtect App 4.1.3",
"GlobalProtect App 4.1.2",
"GlobalProtect App 4.1.1",
"GlobalProtect App 4.1.0",
"GlobalProtect App 4.1",
"GlobalProtect App 4.0.8",
"GlobalProtect App 4.0.7",
"GlobalProtect App 4.0.6",
"GlobalProtect App 4.0.5",
"GlobalProtect App 4.0.4",
"GlobalProtect App 4.0.3",
"GlobalProtect App 4.0.2",
"GlobalProtect App 4.0.0",
"GlobalProtect App 4.0",
"GlobalProtect App 3.1.6",
"GlobalProtect App 3.1.5",
"GlobalProtect App 3.1.4",
"GlobalProtect App 3.1.3",
"GlobalProtect App 3.1.1",
"GlobalProtect App 3.1.0",
"GlobalProtect App 3.1",
"GlobalProtect App 3.0.3",
"GlobalProtect App 3.0.2",
"GlobalProtect App 3.0.1",
"GlobalProtect App 3.0.0",
"GlobalProtect App 3.0",
"GlobalProtect App 2.3.5",
"GlobalProtect App 2.3.4",
"GlobalProtect App 2.3.3",
"GlobalProtect App 2.3.2",
"GlobalProtect App 2.3.1",
"GlobalProtect App 2.3.0",
"GlobalProtect App 2.3",
"GlobalProtect App 2.2.2",
"GlobalProtect App 2.2.1",
"GlobalProtect App 2.2.0",
"GlobalProtect App 2.2",
"GlobalProtect App 2.1.4",
"GlobalProtect App 2.1.3",
"GlobalProtect App 2.1.2",
"GlobalProtect App 2.1.1",
"GlobalProtect App 2.1.0",
"GlobalProtect App 2.1",
"GlobalProtect App 2.0.5",
"GlobalProtect App 2.0.4",
"GlobalProtect App 2.0.3",
"GlobalProtect App 2.0.2",
"GlobalProtect App 2.0.1",
"GlobalProtect App 2.0.0",
"GlobalProtect App 2.0",
"GlobalProtect App 1.2.11",
"GlobalProtect App 1.2.10",
"GlobalProtect App 1.2.9",
"GlobalProtect App 1.2.8",
"GlobalProtect App 1.2.7",
"GlobalProtect App 1.2.6",
"GlobalProtect App 1.2.5",
"GlobalProtect App 1.2.4",
"GlobalProtect App 1.2.3",
"GlobalProtect App 1.2.2",
"GlobalProtect App 1.2.1",
"GlobalProtect App 1.2.0",
"GlobalProtect App 1.2",
"GlobalProtect App 1.1.8",
"GlobalProtect App 1.1.7",
"GlobalProtect App 1.1.6",
"GlobalProtect App 1.1.5",
"GlobalProtect App 1.1.4",
"GlobalProtect App 1.1.3",
"GlobalProtect App 1.1.2",
"GlobalProtect App 1.1.1",
"GlobalProtect App 1.1.0",
"GlobalProtect App 1.1",
"GlobalProtect App 1.0.8",
"GlobalProtect App 1.0.7",
"GlobalProtect App 1.0.5",
"GlobalProtect App 1.0.3",
"GlobalProtect App 1.0.1",
"GlobalProtect App 1.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0018",
"datePublished": "2022-02-10T18:10:20.308594Z",
"dateReserved": "2021-12-28T00:00:00",
"dateUpdated": "2024-09-16T23:36:47.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0019 (GCVE-0-2022-0019)
Vulnerability from – Published: 2022-02-10 18:10 – Updated: 2024-09-16 20:06
VLAI?
Title
GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux
Summary
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.
Severity ?
4.7 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App |
Affected:
5.3 , < 5.3.2
(custom)
Affected: 5.2 , ≤ 5.2.7 (custom) Affected: 5.1 , < 5.1.10 (custom) |
Credits
Palo Alto Networks thanks Josh Wisely and Praveen Bomma of Splunk for discovering and reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.3.2",
"status": "unaffected"
}
],
"lessThan": "5.3.2",
"status": "affected",
"version": "5.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.2.7",
"status": "affected",
"version": "5.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.1.10",
"status": "unaffected"
}
],
"lessThan": "5.1.10",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue is applicable only to GlobalProtect app users that save their user credentials for use when authenticating to a GlobalProtect portal."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Josh Wisely and Praveen Bomma of Splunk for discovering and reporting this issue."
}
],
"datePublic": "2022-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-10T18:10:21",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0019"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Linux, GlobalProtect app 5.3.2 on Linux, and all later GlobalProtect app versions.\n\nExisting credentials files that are exposed by this issue will be secured when the fixed GlobalProtect app is launched."
}
],
"source": {
"defect": [
"GPC-13843"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00",
"value": "Initial publication"
}
],
"title": "GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux",
"workarounds": [
{
"lang": "en",
"value": "Users should not save their credentials until the GlobalProtect app is upgraded to a fixed version.\n\nGlobalProtect portal administrators can prevent GlobalProtect app users from saving their credentials on the next connection to the GlobalProtect portal by preventing \u2018Save User Credentials\u2019 from the portal agent configuration as described here:\n\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/user-behavior-options.html"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
"ID": "CVE-2022-0019",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c",
"version_name": "5.3",
"version_value": "5.3.2"
},
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_name": "5.2",
"version_value": "5.2.7"
},
{
"platform": "Linux",
"version_affected": "!\u003e=",
"version_name": "5.3",
"version_value": "5.3.2"
},
{
"platform": "Linux",
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.10"
},
{
"platform": "Linux",
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.10"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue is applicable only to GlobalProtect app users that save their user credentials for use when authenticating to a GlobalProtect portal."
}
],
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Josh Wisely and Praveen Bomma of Splunk for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0019",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0019"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Linux, GlobalProtect app 5.3.2 on Linux, and all later GlobalProtect app versions.\n\nExisting credentials files that are exposed by this issue will be secured when the fixed GlobalProtect app is launched."
}
],
"source": {
"defect": [
"GPC-13843"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "Users should not save their credentials until the GlobalProtect app is upgraded to a fixed version.\n\nGlobalProtect portal administrators can prevent GlobalProtect app users from saving their credentials on the next connection to the GlobalProtect portal by preventing \u2018Save User Credentials\u2019 from the portal agent configuration as described here:\n\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/user-behavior-options.html"
}
],
"x_advisoryEoL": true,
"x_affectedList": [
"GlobalProtect App 5.3.1",
"GlobalProtect App 5.3.0",
"GlobalProtect App 5.3",
"GlobalProtect App 5.2.7",
"GlobalProtect App 5.2.6",
"GlobalProtect App 5.2.5",
"GlobalProtect App 5.2.4",
"GlobalProtect App 5.2.3",
"GlobalProtect App 5.2.2",
"GlobalProtect App 5.2.1",
"GlobalProtect App 5.2.0",
"GlobalProtect App 5.2",
"GlobalProtect App 5.1.9",
"GlobalProtect App 5.1.8",
"GlobalProtect App 5.1.7",
"GlobalProtect App 5.1.6",
"GlobalProtect App 5.1.5",
"GlobalProtect App 5.1.4",
"GlobalProtect App 5.1.3",
"GlobalProtect App 5.1.1",
"GlobalProtect App 5.1.0",
"GlobalProtect App 5.1"
],
"x_likelyAffectedList": [
"GlobalProtect App 5.0.10",
"GlobalProtect App 5.0.9",
"GlobalProtect App 5.0.8",
"GlobalProtect App 5.0.7",
"GlobalProtect App 5.0.6",
"GlobalProtect App 5.0.5",
"GlobalProtect App 5.0.4",
"GlobalProtect App 5.0.3",
"GlobalProtect App 5.0.2",
"GlobalProtect App 5.0.1",
"GlobalProtect App 5.0.0",
"GlobalProtect App 5.0",
"GlobalProtect App 4.1.13",
"GlobalProtect App 4.1.12",
"GlobalProtect App 4.1.11",
"GlobalProtect App 4.1.10",
"GlobalProtect App 4.1.9",
"GlobalProtect App 4.1.8",
"GlobalProtect App 4.1.7",
"GlobalProtect App 4.1.6",
"GlobalProtect App 4.1.5",
"GlobalProtect App 4.1.4",
"GlobalProtect App 4.1.3",
"GlobalProtect App 4.1.2",
"GlobalProtect App 4.1.1",
"GlobalProtect App 4.1.0",
"GlobalProtect App 4.1",
"GlobalProtect App 4.0.8",
"GlobalProtect App 4.0.7",
"GlobalProtect App 4.0.6",
"GlobalProtect App 4.0.5",
"GlobalProtect App 4.0.4",
"GlobalProtect App 4.0.3",
"GlobalProtect App 4.0.2",
"GlobalProtect App 4.0.0",
"GlobalProtect App 4.0",
"GlobalProtect App 3.1.6",
"GlobalProtect App 3.1.5",
"GlobalProtect App 3.1.4",
"GlobalProtect App 3.1.3",
"GlobalProtect App 3.1.1",
"GlobalProtect App 3.1.0",
"GlobalProtect App 3.1",
"GlobalProtect App 3.0.3",
"GlobalProtect App 3.0.2",
"GlobalProtect App 3.0.1",
"GlobalProtect App 3.0.0",
"GlobalProtect App 3.0",
"GlobalProtect App 2.3.5",
"GlobalProtect App 2.3.4",
"GlobalProtect App 2.3.3",
"GlobalProtect App 2.3.2",
"GlobalProtect App 2.3.1",
"GlobalProtect App 2.3.0",
"GlobalProtect App 2.3",
"GlobalProtect App 2.2.2",
"GlobalProtect App 2.2.1",
"GlobalProtect App 2.2.0",
"GlobalProtect App 2.2",
"GlobalProtect App 2.1.4",
"GlobalProtect App 2.1.3",
"GlobalProtect App 2.1.2",
"GlobalProtect App 2.1.1",
"GlobalProtect App 2.1.0",
"GlobalProtect App 2.1",
"GlobalProtect App 2.0.5",
"GlobalProtect App 2.0.4",
"GlobalProtect App 2.0.3",
"GlobalProtect App 2.0.2",
"GlobalProtect App 2.0.1",
"GlobalProtect App 2.0.0",
"GlobalProtect App 2.0",
"GlobalProtect App 1.2.11",
"GlobalProtect App 1.2.10",
"GlobalProtect App 1.2.9",
"GlobalProtect App 1.2.8",
"GlobalProtect App 1.2.7",
"GlobalProtect App 1.2.6",
"GlobalProtect App 1.2.5",
"GlobalProtect App 1.2.4",
"GlobalProtect App 1.2.3",
"GlobalProtect App 1.2.2",
"GlobalProtect App 1.2.1",
"GlobalProtect App 1.2.0",
"GlobalProtect App 1.2",
"GlobalProtect App 1.1.8",
"GlobalProtect App 1.1.7",
"GlobalProtect App 1.1.6",
"GlobalProtect App 1.1.5",
"GlobalProtect App 1.1.4",
"GlobalProtect App 1.1.3",
"GlobalProtect App 1.1.2",
"GlobalProtect App 1.1.1",
"GlobalProtect App 1.1.0",
"GlobalProtect App 1.1",
"GlobalProtect App 1.0.8",
"GlobalProtect App 1.0.7",
"GlobalProtect App 1.0.5",
"GlobalProtect App 1.0.3",
"GlobalProtect App 1.0.1",
"GlobalProtect App 1.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0019",
"datePublished": "2022-02-10T18:10:21.940684Z",
"dateReserved": "2021-12-28T00:00:00",
"dateUpdated": "2024-09-16T20:06:53.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1573 (GCVE-0-2019-1573)
Vulnerability from – Published: 2019-04-09 21:04 – Updated: 2024-09-16 19:21
VLAI?
Title
Information Disclosure in GlobalProtect Agent
Summary
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.
Severity ?
CWE
- CWE-226 - Sensitive Information Uncleared Before Release
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect Agent |
Affected:
4.1 , ≤ 4.1.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:28.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#192371",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/192371"
},
{
"name": "107868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107868"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-1573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "GlobalProtect Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "4.1.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.1.0",
"status": "affected",
"version": "4.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"OS X"
],
"product": "GlobalProtect Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"lessThan": "4.1*",
"status": "unaffected",
"version": "4.1.11",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "CWE-226 Sensitive Information Uncleared Before Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T13:29:41",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"name": "VU#192371",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/192371"
},
{
"name": "107868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107868"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2019-1573"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect Agent 4.1.1 and later for Windows, and GlobalProtect Agent 4.1.11 and later for macOS."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Information Disclosure in GlobalProtect Agent",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2019-04-09T17:45:00.000Z",
"ID": "CVE-2019-1573",
"STATE": "PUBLIC",
"TITLE": "Information Disclosure in GlobalProtect Agent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_name": "4.1",
"version_value": "4.1.0"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "4.1",
"version_value": "4.1.1"
},
{
"platform": "OS X",
"version_affected": "!\u003e=",
"version_name": "4.1",
"version_value": "4.1.11"
},
{
"platform": "OS X",
"version_affected": "\u003c=",
"version_name": "4.1",
"version_value": "4.1.10 +1"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-226 Sensitive Information Uncleared Before Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#192371",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/192371"
},
{
"name": "107868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107868"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2019-1573",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2019-1573"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect Agent 4.1.1 and later for Windows, and GlobalProtect Agent 4.1.11 and later for macOS."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2019-1573",
"datePublished": "2019-04-09T21:04:01.397792Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-09-16T19:21:01.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0021 (GCVE-0-2022-0021)
Vulnerability from – Published: 2022-02-10 18:10 – Updated: 2024-09-16 19:20
VLAI?
Title
GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon
Summary
An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.
Severity ?
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App |
Affected:
5.2 , < 5.2.9
(custom)
|
|||||||
|
|||||||||
Credits
This issue was found by Rutger Truyers of Palo Alto Networks during internal security review.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.2.9",
"status": "unaffected"
}
],
"lessThan": "5.2.9",
"status": "affected",
"version": "5.2",
"versionType": "custom"
}
]
},
{
"product": "GlobalProtect App",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "5.1.*"
},
{
"status": "unaffected",
"version": "5.3.*"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Rutger Truyers of Palo Alto Networks during internal security review."
}
],
"datePublic": "2022-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."
}
],
"exploits": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-10T18:10:24",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2022-0021"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-13888"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00",
"value": "Initial publication"
}
],
"title": "GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
"ID": "CVE-2022-0021",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect App",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.2",
"version_value": "5.2.9"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "5.2",
"version_value": "5.2.9"
},
{
"version_affected": "!",
"version_name": "5.1",
"version_value": "5.1.*"
},
{
"version_affected": "!",
"version_name": "5.3",
"version_value": "5.3.*"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
}
],
"credit": [
{
"lang": "eng",
"value": "This issue was found by Rutger Truyers of Palo Alto Networks during internal security review."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2022-0021",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2022-0021"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and all later GlobalProtect app versions."
}
],
"source": {
"defect": [
"GPC-13888"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-02-09T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_advisoryEoL": true,
"x_affectedList": [
"GlobalProtect App 5.2.8",
"GlobalProtect App 5.2.7",
"GlobalProtect App 5.2.6",
"GlobalProtect App 5.2.5",
"GlobalProtect App 5.2.4",
"GlobalProtect App 5.2.3",
"GlobalProtect App 5.2.2",
"GlobalProtect App 5.2.1",
"GlobalProtect App 5.2.0",
"GlobalProtect App 5.2"
],
"x_likelyAffectedList": [
"GlobalProtect App 5.0.10",
"GlobalProtect App 5.0.9",
"GlobalProtect App 5.0.8",
"GlobalProtect App 5.0.7",
"GlobalProtect App 5.0.6",
"GlobalProtect App 5.0.5",
"GlobalProtect App 5.0.4",
"GlobalProtect App 5.0.3",
"GlobalProtect App 5.0.2",
"GlobalProtect App 5.0.1",
"GlobalProtect App 5.0.0",
"GlobalProtect App 5.0",
"GlobalProtect App 4.1.13",
"GlobalProtect App 4.1.12",
"GlobalProtect App 4.1.11",
"GlobalProtect App 4.1.10",
"GlobalProtect App 4.1.9",
"GlobalProtect App 4.1.8",
"GlobalProtect App 4.1.7",
"GlobalProtect App 4.1.6",
"GlobalProtect App 4.1.5",
"GlobalProtect App 4.1.4",
"GlobalProtect App 4.1.3",
"GlobalProtect App 4.1.2",
"GlobalProtect App 4.1.1",
"GlobalProtect App 4.1.0",
"GlobalProtect App 4.1",
"GlobalProtect App 4.0.8",
"GlobalProtect App 4.0.7",
"GlobalProtect App 4.0.6",
"GlobalProtect App 4.0.5",
"GlobalProtect App 4.0.4",
"GlobalProtect App 4.0.3",
"GlobalProtect App 4.0.2",
"GlobalProtect App 4.0.0",
"GlobalProtect App 4.0",
"GlobalProtect App 3.1.6",
"GlobalProtect App 3.1.5",
"GlobalProtect App 3.1.4",
"GlobalProtect App 3.1.3",
"GlobalProtect App 3.1.1",
"GlobalProtect App 3.1.0",
"GlobalProtect App 3.1",
"GlobalProtect App 3.0.3",
"GlobalProtect App 3.0.2",
"GlobalProtect App 3.0.1",
"GlobalProtect App 3.0.0",
"GlobalProtect App 3.0",
"GlobalProtect App 2.3.5",
"GlobalProtect App 2.3.4",
"GlobalProtect App 2.3.3",
"GlobalProtect App 2.3.2",
"GlobalProtect App 2.3.1",
"GlobalProtect App 2.3.0",
"GlobalProtect App 2.3",
"GlobalProtect App 2.2.2",
"GlobalProtect App 2.2.1",
"GlobalProtect App 2.2.0",
"GlobalProtect App 2.2",
"GlobalProtect App 2.1.4",
"GlobalProtect App 2.1.3",
"GlobalProtect App 2.1.2",
"GlobalProtect App 2.1.1",
"GlobalProtect App 2.1.0",
"GlobalProtect App 2.1",
"GlobalProtect App 2.0.5",
"GlobalProtect App 2.0.4",
"GlobalProtect App 2.0.3",
"GlobalProtect App 2.0.2",
"GlobalProtect App 2.0.1",
"GlobalProtect App 2.0.0",
"GlobalProtect App 2.0",
"GlobalProtect App 1.2.11",
"GlobalProtect App 1.2.10",
"GlobalProtect App 1.2.9",
"GlobalProtect App 1.2.8",
"GlobalProtect App 1.2.7",
"GlobalProtect App 1.2.6",
"GlobalProtect App 1.2.5",
"GlobalProtect App 1.2.4",
"GlobalProtect App 1.2.3",
"GlobalProtect App 1.2.2",
"GlobalProtect App 1.2.1",
"GlobalProtect App 1.2.0",
"GlobalProtect App 1.2",
"GlobalProtect App 1.1.8",
"GlobalProtect App 1.1.7",
"GlobalProtect App 1.1.6",
"GlobalProtect App 1.1.5",
"GlobalProtect App 1.1.4",
"GlobalProtect App 1.1.3",
"GlobalProtect App 1.1.2",
"GlobalProtect App 1.1.1",
"GlobalProtect App 1.1.0",
"GlobalProtect App 1.1",
"GlobalProtect App 1.0.8",
"GlobalProtect App 1.0.7",
"GlobalProtect App 1.0.5",
"GlobalProtect App 1.0.3",
"GlobalProtect App 1.0.1",
"GlobalProtect App 1.0"
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2022-0021",
"datePublished": "2022-02-10T18:10:24.695182Z",
"dateReserved": "2021-12-28T00:00:00",
"dateUpdated": "2024-09-16T19:20:33.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 11 - 20 organizations in total 35