Search criteria
2 vulnerabilities found for GlobalProtect by Palo Alto Networks
CVE-2020-1976 (GCVE-0-2020-1976)
Vulnerability from cvelistv5 – Published: 2020-02-12 22:57 – Updated: 2024-09-17 01:51
VLAI?
Summary
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.
Severity ?
4.7 (Medium)
CWE
- CWE-642 - External Control of Critical State Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect |
Affected:
5.0 , ≤ 5.0.5
(custom)
|
Credits
This issue was discovered during a security test performed in collaboration with IOActive.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Mac OS"
],
"product": "GlobalProtect",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered during a security test performed in collaboration with IOActive."
}
],
"datePublic": "2020-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-642",
"description": "CWE-642 External Control of Critical State Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T22:57:08",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
}
],
"source": {
"defect": [
"GPC-9616"
],
"discovery": "INTERNAL"
},
"title": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.",
"workarounds": [
{
"lang": "en",
"value": "n/a"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
"ID": "CVE-2020-1976",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect",
"version": {
"version_data": [
{
"platform": "Mac OS",
"version_affected": "\u003c=",
"version_name": "5.0",
"version_value": "5.0.5"
},
{
"platform": "Mac OS",
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.6"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered during a security test performed in collaboration with IOActive."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-642 External Control of Critical State Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-1976",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
}
],
"source": {
"defect": [
"GPC-9616"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "n/a"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-1976",
"datePublished": "2020-02-12T22:57:08.144091Z",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-09-17T01:51:07.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1976 (GCVE-0-2020-1976)
Vulnerability from nvd – Published: 2020-02-12 22:57 – Updated: 2024-09-17 01:51
VLAI?
Summary
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.
Severity ?
4.7 (Medium)
CWE
- CWE-642 - External Control of Critical State Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect |
Affected:
5.0 , ≤ 5.0.5
(custom)
|
Credits
This issue was discovered during a security test performed in collaboration with IOActive.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Mac OS"
],
"product": "GlobalProtect",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered during a security test performed in collaboration with IOActive."
}
],
"datePublic": "2020-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-642",
"description": "CWE-642 External Control of Critical State Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T22:57:08",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
}
],
"source": {
"defect": [
"GPC-9616"
],
"discovery": "INTERNAL"
},
"title": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.",
"workarounds": [
{
"lang": "en",
"value": "n/a"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
"ID": "CVE-2020-1976",
"STATE": "PUBLIC",
"TITLE": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlobalProtect",
"version": {
"version_data": [
{
"platform": "Mac OS",
"version_affected": "\u003c=",
"version_name": "5.0",
"version_value": "5.0.5"
},
{
"platform": "Mac OS",
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.6"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered during a security test performed in collaboration with IOActive."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-642 External Control of Critical State Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-1976",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1976"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
}
],
"source": {
"defect": [
"GPC-9616"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "n/a"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-1976",
"datePublished": "2020-02-12T22:57:08.144091Z",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-09-17T01:51:07.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}