cvelistv5 - cve-2022-0016

CVE-2022-0016 (GCVE-0-2022-0016)

Vulnerability from cvelistv5 – Published: 2022-02-10 18:10 – Updated: 2024-09-17 02:00

Summary

An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-703 - Improper Check or Handling of Exceptional Conditions

Assigner

palo_alto

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2022-0016

x_refsource_MISC

Impacted products

Vendor

Product

Version

Palo Alto Networks

GlobalProtect App

Affected: 5.2 , < 5.2.9 (custom)

Palo Alto Networks

GlobalProtect App

Unaffected: 5.3.*
Unaffected: 5.1.* , < 5.1* (custom)

Credits

Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows and MacOS"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "5.2.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.2.9",
              "status": "affected",
              "version": "5.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.3.*"
            },
            {
              "lessThan": "5.1*",
              "status": "unaffected",
              "version": "5.1.*",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-10T18:10:16",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and MacOS, and all later GlobalProtect app versions."
        }
      ],
      "source": {
        "defect": [
          "GPC-14404",
          "GPC-13685",
          "GPC-14747"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-02-09T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
          "ID": "CVE-2022-0016",
          "STATE": "PUBLIC",
          "TITLE": "GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GlobalProtect App",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows and MacOS",
                            "version_affected": "\u003c",
                            "version_name": "5.2",
                            "version_value": "5.2.9"
                          },
                          {
                            "platform": "Windows and MacOS",
                            "version_affected": "!\u003e=",
                            "version_name": "5.2",
                            "version_value": "5.2.9"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "5.1",
                            "version_value": "5.1.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "5.3",
                            "version_value": "5.3.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0016",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and MacOS, and all later GlobalProtect app versions."
          }
        ],
        "source": {
          "defect": [
            "GPC-14404",
            "GPC-13685",
            "GPC-14747"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-02-09T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": true,
        "x_affectedList": [
          "GlobalProtect App 5.2.8",
          "GlobalProtect App 5.2.7",
          "GlobalProtect App 5.2.6",
          "GlobalProtect App 5.2.5",
          "GlobalProtect App 5.2.4",
          "GlobalProtect App 5.2.3",
          "GlobalProtect App 5.2.2",
          "GlobalProtect App 5.2.1",
          "GlobalProtect App 5.2.0",
          "GlobalProtect App 5.2"
        ],
        "x_likelyAffectedList": [
          "GlobalProtect App 5.0.10",
          "GlobalProtect App 5.0.9",
          "GlobalProtect App 5.0.8",
          "GlobalProtect App 5.0.7",
          "GlobalProtect App 5.0.6",
          "GlobalProtect App 5.0.5",
          "GlobalProtect App 5.0.4",
          "GlobalProtect App 5.0.3",
          "GlobalProtect App 5.0.2",
          "GlobalProtect App 5.0.1",
          "GlobalProtect App 5.0.0",
          "GlobalProtect App 5.0",
          "GlobalProtect App 4.1.13",
          "GlobalProtect App 4.1.12",
          "GlobalProtect App 4.1.11",
          "GlobalProtect App 4.1.10",
          "GlobalProtect App 4.1.9",
          "GlobalProtect App 4.1.8",
          "GlobalProtect App 4.1.7",
          "GlobalProtect App 4.1.6",
          "GlobalProtect App 4.1.5",
          "GlobalProtect App 4.1.4",
          "GlobalProtect App 4.1.3",
          "GlobalProtect App 4.1.2",
          "GlobalProtect App 4.1.1",
          "GlobalProtect App 4.1.0",
          "GlobalProtect App 4.1",
          "GlobalProtect App 4.0.8",
          "GlobalProtect App 4.0.7",
          "GlobalProtect App 4.0.6",
          "GlobalProtect App 4.0.5",
          "GlobalProtect App 4.0.4",
          "GlobalProtect App 4.0.3",
          "GlobalProtect App 4.0.2",
          "GlobalProtect App 4.0.0",
          "GlobalProtect App 4.0",
          "GlobalProtect App 3.1.6",
          "GlobalProtect App 3.1.5",
          "GlobalProtect App 3.1.4",
          "GlobalProtect App 3.1.3",
          "GlobalProtect App 3.1.1",
          "GlobalProtect App 3.1.0",
          "GlobalProtect App 3.1",
          "GlobalProtect App 3.0.3",
          "GlobalProtect App 3.0.2",
          "GlobalProtect App 3.0.1",
          "GlobalProtect App 3.0.0",
          "GlobalProtect App 3.0",
          "GlobalProtect App 2.3.5",
          "GlobalProtect App 2.3.4",
          "GlobalProtect App 2.3.3",
          "GlobalProtect App 2.3.2",
          "GlobalProtect App 2.3.1",
          "GlobalProtect App 2.3.0",
          "GlobalProtect App 2.3",
          "GlobalProtect App 2.2.2",
          "GlobalProtect App 2.2.1",
          "GlobalProtect App 2.2.0",
          "GlobalProtect App 2.2",
          "GlobalProtect App 2.1.4",
          "GlobalProtect App 2.1.3",
          "GlobalProtect App 2.1.2",
          "GlobalProtect App 2.1.1",
          "GlobalProtect App 2.1.0",
          "GlobalProtect App 2.1",
          "GlobalProtect App 2.0.5",
          "GlobalProtect App 2.0.4",
          "GlobalProtect App 2.0.3",
          "GlobalProtect App 2.0.2",
          "GlobalProtect App 2.0.1",
          "GlobalProtect App 2.0.0",
          "GlobalProtect App 2.0",
          "GlobalProtect App 1.2.11",
          "GlobalProtect App 1.2.10",
          "GlobalProtect App 1.2.9",
          "GlobalProtect App 1.2.8",
          "GlobalProtect App 1.2.7",
          "GlobalProtect App 1.2.6",
          "GlobalProtect App 1.2.5",
          "GlobalProtect App 1.2.4",
          "GlobalProtect App 1.2.3",
          "GlobalProtect App 1.2.2",
          "GlobalProtect App 1.2.1",
          "GlobalProtect App 1.2.0",
          "GlobalProtect App 1.2",
          "GlobalProtect App 1.1.8",
          "GlobalProtect App 1.1.7",
          "GlobalProtect App 1.1.6",
          "GlobalProtect App 1.1.5",
          "GlobalProtect App 1.1.4",
          "GlobalProtect App 1.1.3",
          "GlobalProtect App 1.1.2",
          "GlobalProtect App 1.1.1",
          "GlobalProtect App 1.1.0",
          "GlobalProtect App 1.1",
          "GlobalProtect App 1.0.8",
          "GlobalProtect App 1.0.7",
          "GlobalProtect App 1.0.5",
          "GlobalProtect App 1.0.3",
          "GlobalProtect App 1.0.1",
          "GlobalProtect App 1.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0016",
    "datePublished": "2022-02-10T18:10:16.879284Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-17T02:00:45.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.2\", \"versionEndExcluding\": \"5.2.9\", \"matchCriteriaId\": \"84B6241D-4456-4DC4-9767-3E608BCA0972\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de manejo inapropiado de condiciones excepcionales en la funcionalidad Connect Before Logon de GlobalProtect app de Palo Alto Networks que permite a un atacante local escalar a privilegios SYSTEM o root cuando es autenticado con Connect Before Logon en determinadas circunstancias. Este problema afecta a GlobalProtect app versiones 5.2 anteriores a 5.2.9 en Windows y MacOS. Este problema no afecta a GlobalProtect app en otras plataformas\"}]",
      "id": "CVE-2022-0016",
      "lastModified": "2024-11-21T06:37:49.420",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.4, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-02-10T18:15:08.503",
      "references": "[{\"url\": \"https://security.paloaltonetworks.com/CVE-2022-0016\", \"source\": \"psirt@paloaltonetworks.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2022-0016\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@paloaltonetworks.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-703\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-755\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-0016\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2022-02-10T18:15:08.503\",\"lastModified\":\"2024-11-21T06:37:49.420\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de manejo inapropiado de condiciones excepcionales en la funcionalidad Connect Before Logon de GlobalProtect app de Palo Alto Networks que permite a un atacante local escalar a privilegios SYSTEM o root cuando es autenticado con Connect Before Logon en determinadas circunstancias. Este problema afecta a GlobalProtect app versiones 5.2 anteriores a 5.2.9 en Windows y MacOS. Este problema no afecta a GlobalProtect app en otras plataformas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.4,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-703\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndExcluding\":\"5.2.9\",\"matchCriteriaId\":\"84B6241D-4456-4DC4-9767-3E608BCA0972\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2022-0016\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2022-0016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-MRWH-MJVV-R5VH

Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2022-02-18 00:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-0016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-10T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.",
  "id": "GHSA-mrwh-mjvv-r5vh",
  "modified": "2022-02-18T00:00:57Z",
  "published": "2022-02-11T00:00:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0016"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2022-AVI-234

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

GlobalProtect App sur Windows et MacOS versions 5.2.x antérieures à 5.2.9
PAN-OS versions 8.1.x antérieures à 8.1.21
PAN-OS versions 9.0.x
PAN-OS versions 9.1.x antérieures à 9.1.11
PAN-OS versions 10.0.x antérieures à 10.0.7

La version 9.0 de PAN-OS n'est plus supportée par l'éditeur depuis le 1^er mars 2022.

L'avis éditeur indique de changer les mots de passe de tous les utilisateurs et administrateurs locaux après la mise à niveau.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto CVE-2022-0016 du 09 mars 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto CVE-2022-0022 du 09 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eGlobalProtect App sur Windows et MacOS versions 5.2.x ant\u00e9rieures \u00e0 5.2.9\u003c/li\u003e \u003cli\u003ePAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.21\u003c/li\u003e \u003cli\u003ePAN-OS versions 9.0.x\u003c/li\u003e \u003cli\u003ePAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.11\u003c/li\u003e \u003cli\u003ePAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.7\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLa version 9.0 de PAN-OS n\u0027est plus support\u00e9e par l\u0027\u00e9diteur depuis le 1\u003csup\u003eer\u003c/sup\u003e mars 2022.\u003c/p\u003e \u003cp\u003eL\u0027avis \u00e9diteur indique de changer les mots de passe de tous les utilisateurs et administrateurs locaux apr\u00e8s la mise \u00e0 niveau.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0022"
    },
    {
      "name": "CVE-2022-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0016"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-234",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-10T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027information de changement des mots de passe",
      "revision_date": "2022-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Elles permettent \u00e0 un attaquant de provoquer une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0016 du 09 mars 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0022 du 09 mars 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0022"
    }
  ]
}

CERTFR-2022-AVI-234

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

GlobalProtect App sur Windows et MacOS versions 5.2.x antérieures à 5.2.9
PAN-OS versions 8.1.x antérieures à 8.1.21
PAN-OS versions 9.0.x
PAN-OS versions 9.1.x antérieures à 9.1.11
PAN-OS versions 10.0.x antérieures à 10.0.7

La version 9.0 de PAN-OS n'est plus supportée par l'éditeur depuis le 1^er mars 2022.

L'avis éditeur indique de changer les mots de passe de tous les utilisateurs et administrateurs locaux après la mise à niveau.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto CVE-2022-0016 du 09 mars 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto CVE-2022-0022 du 09 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eGlobalProtect App sur Windows et MacOS versions 5.2.x ant\u00e9rieures \u00e0 5.2.9\u003c/li\u003e \u003cli\u003ePAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.21\u003c/li\u003e \u003cli\u003ePAN-OS versions 9.0.x\u003c/li\u003e \u003cli\u003ePAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.11\u003c/li\u003e \u003cli\u003ePAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.7\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLa version 9.0 de PAN-OS n\u0027est plus support\u00e9e par l\u0027\u00e9diteur depuis le 1\u003csup\u003eer\u003c/sup\u003e mars 2022.\u003c/p\u003e \u003cp\u003eL\u0027avis \u00e9diteur indique de changer les mots de passe de tous les utilisateurs et administrateurs locaux apr\u00e8s la mise \u00e0 niveau.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0022"
    },
    {
      "name": "CVE-2022-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0016"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-234",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-10T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027information de changement des mots de passe",
      "revision_date": "2022-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Elles permettent \u00e0 un attaquant de provoquer une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0016 du 09 mars 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2022-0022 du 09 mars 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0022"
    }
  ]
}

CERTFR-2022-AVI-136

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.1.x antérieures à 5.1.10 sur Windows, MacOS et Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 9.1.x antérieures à 9.1.12
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.2.0 versions antérieures à 1958888
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.3.x antérieures à 5.3.2 sur Linux
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.1.0 toutes versions
Palo Alto Networks	Prisma Access	Prisma Access 2.2 Preferred toutes versions
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.21
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x antérieures à 5.2.9 sur Windows et MacOS
Palo Alto Networks	PAN-OS	PAN-OS versions 10.0.x antérieures à 10.0.8
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.3
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x toutes versions
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x à 5.2.7 sur Linux
Palo Alto Networks	Prisma Access	Prisma Access 2.1 Preferred et Innovation toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2022-0018 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0017 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0019 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0020 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0011 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0016 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0021 du 09 février 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.10 sur Windows, MacOS et Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.2.0 versions ant\u00e9rieures \u00e0 1958888",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.3.x ant\u00e9rieures \u00e0 5.3.2 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.1.0 toutes versions",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.2 Preferred toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.21",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.9 sur Windows et MacOS",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x toutes versions",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x \u00e0 5.2.7 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.1 Preferred et Innovation toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0018"
    },
    {
      "name": "CVE-2022-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0019"
    },
    {
      "name": "CVE-2022-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0021"
    },
    {
      "name": "CVE-2022-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0011"
    },
    {
      "name": "CVE-2022-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0016"
    },
    {
      "name": "CVE-2022-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0017"
    },
    {
      "name": "CVE-2022-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0020"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-136",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0018 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0017 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0019 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0020 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0020"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0011 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0016 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0021 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
    }
  ]
}

CERTFR-2022-AVI-136

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.1.x antérieures à 5.1.10 sur Windows, MacOS et Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 9.1.x antérieures à 9.1.12
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.2.0 versions antérieures à 1958888
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.3.x antérieures à 5.3.2 sur Linux
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.1.0 toutes versions
Palo Alto Networks	Prisma Access	Prisma Access 2.2 Preferred toutes versions
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.21
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x antérieures à 5.2.9 sur Windows et MacOS
Palo Alto Networks	PAN-OS	PAN-OS versions 10.0.x antérieures à 10.0.8
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.3
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x toutes versions
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x à 5.2.7 sur Linux
Palo Alto Networks	Prisma Access	Prisma Access 2.1 Preferred et Innovation toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2022-0018 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0017 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0019 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0020 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0011 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0016 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0021 du 09 février 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.10 sur Windows, MacOS et Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.2.0 versions ant\u00e9rieures \u00e0 1958888",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.3.x ant\u00e9rieures \u00e0 5.3.2 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.1.0 toutes versions",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.2 Preferred toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.21",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.9 sur Windows et MacOS",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x toutes versions",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x \u00e0 5.2.7 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.1 Preferred et Innovation toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0018"
    },
    {
      "name": "CVE-2022-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0019"
    },
    {
      "name": "CVE-2022-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0021"
    },
    {
      "name": "CVE-2022-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0011"
    },
    {
      "name": "CVE-2022-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0016"
    },
    {
      "name": "CVE-2022-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0017"
    },
    {
      "name": "CVE-2022-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0020"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-136",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0018 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0017 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0019 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0020 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0020"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0011 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0016 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0021 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
    }
  ]
}

FKIE_CVE-2022-0016

Vulnerability from fkie_nvd - Published: 2022-02-10 18:15 - Updated: 2024-11-21 06:37

Severity ?

7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2022-0016	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.paloaltonetworks.com/CVE-2022-0016	Vendor Advisory

Impacted products

Vendor	Product	Version
paloaltonetworks	globalprotect	*
apple	macos	-
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B6241D-4456-4DC4-9767-3E608BCA0972",
              "versionEndExcluding": "5.2.9",
              "versionStartIncluding": "5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de manejo inapropiado de condiciones excepcionales en la funcionalidad Connect Before Logon de GlobalProtect app de Palo Alto Networks que permite a un atacante local escalar a privilegios SYSTEM o root cuando es autenticado con Connect Before Logon en determinadas circunstancias. Este problema afecta a GlobalProtect app versiones 5.2 anteriores a 5.2.9 en Windows y MacOS. Este problema no afecta a GlobalProtect app en otras plataformas"
    }
  ],
  "id": "CVE-2022-0016",
  "lastModified": "2024-11-21T06:37:49.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 5.9,
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-10T18:15:08.503",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-703"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-0016

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-0016

Aliases

CVE-2022-0016

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-0016",
    "description": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.",
    "id": "GSD-2022-0016"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-0016"
      ],
      "details": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.",
      "id": "GSD-2022-0016",
      "modified": "2023-12-13T01:19:11.190656Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@paloaltonetworks.com",
        "DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
        "ID": "CVE-2022-0016",
        "STATE": "PUBLIC",
        "TITLE": "GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GlobalProtect App",
                    "version": {
                      "version_data": [
                        {
                          "platform": "Windows and MacOS",
                          "version_affected": "\u003c",
                          "version_name": "5.2",
                          "version_value": "5.2.9"
                        },
                        {
                          "platform": "Windows and MacOS",
                          "version_affected": "!\u003e=",
                          "version_name": "5.2",
                          "version_value": "5.2.9"
                        },
                        {
                          "version_affected": "!\u003e=",
                          "version_name": "5.1",
                          "version_value": "5.1.*"
                        },
                        {
                          "version_affected": "!",
                          "version_name": "5.3",
                          "version_value": "5.3.*"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Palo Alto Networks"
            }
          ]
        }
      },
      "configuration": [
        {
          "lang": "eng",
          "value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature.\n"
        }
      ],
      "credit": [
        {
          "lang": "eng",
          "value": "Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.paloaltonetworks.com/CVE-2022-0016",
            "refsource": "MISC",
            "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and MacOS, and all later GlobalProtect app versions.\n"
        }
      ],
      "source": {
        "defect": [
          "GPC-14404",
          "GPC-13685",
          "GPC-14747"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "eng",
          "time": "2022-02-09T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "work_around": [
        {
          "lang": "eng",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_advisoryEoL": true,
      "x_affectedList": [
        "GlobalProtect App 5.2.8",
        "GlobalProtect App 5.2.7",
        "GlobalProtect App 5.2.6",
        "GlobalProtect App 5.2.5",
        "GlobalProtect App 5.2.4",
        "GlobalProtect App 5.2.3",
        "GlobalProtect App 5.2.2",
        "GlobalProtect App 5.2.1",
        "GlobalProtect App 5.2.0",
        "GlobalProtect App 5.2"
      ],
      "x_likelyAffectedList": [
        "GlobalProtect App 5.0.10",
        "GlobalProtect App 5.0.9",
        "GlobalProtect App 5.0.8",
        "GlobalProtect App 5.0.7",
        "GlobalProtect App 5.0.6",
        "GlobalProtect App 5.0.5",
        "GlobalProtect App 5.0.4",
        "GlobalProtect App 5.0.3",
        "GlobalProtect App 5.0.2",
        "GlobalProtect App 5.0.1",
        "GlobalProtect App 5.0.0",
        "GlobalProtect App 5.0",
        "GlobalProtect App 4.1.13",
        "GlobalProtect App 4.1.12",
        "GlobalProtect App 4.1.11",
        "GlobalProtect App 4.1.10",
        "GlobalProtect App 4.1.9",
        "GlobalProtect App 4.1.8",
        "GlobalProtect App 4.1.7",
        "GlobalProtect App 4.1.6",
        "GlobalProtect App 4.1.5",
        "GlobalProtect App 4.1.4",
        "GlobalProtect App 4.1.3",
        "GlobalProtect App 4.1.2",
        "GlobalProtect App 4.1.1",
        "GlobalProtect App 4.1.0",
        "GlobalProtect App 4.1",
        "GlobalProtect App 4.0.8",
        "GlobalProtect App 4.0.7",
        "GlobalProtect App 4.0.6",
        "GlobalProtect App 4.0.5",
        "GlobalProtect App 4.0.4",
        "GlobalProtect App 4.0.3",
        "GlobalProtect App 4.0.2",
        "GlobalProtect App 4.0.0",
        "GlobalProtect App 4.0",
        "GlobalProtect App 3.1.6",
        "GlobalProtect App 3.1.5",
        "GlobalProtect App 3.1.4",
        "GlobalProtect App 3.1.3",
        "GlobalProtect App 3.1.1",
        "GlobalProtect App 3.1.0",
        "GlobalProtect App 3.1",
        "GlobalProtect App 3.0.3",
        "GlobalProtect App 3.0.2",
        "GlobalProtect App 3.0.1",
        "GlobalProtect App 3.0.0",
        "GlobalProtect App 3.0",
        "GlobalProtect App 2.3.5",
        "GlobalProtect App 2.3.4",
        "GlobalProtect App 2.3.3",
        "GlobalProtect App 2.3.2",
        "GlobalProtect App 2.3.1",
        "GlobalProtect App 2.3.0",
        "GlobalProtect App 2.3",
        "GlobalProtect App 2.2.2",
        "GlobalProtect App 2.2.1",
        "GlobalProtect App 2.2.0",
        "GlobalProtect App 2.2",
        "GlobalProtect App 2.1.4",
        "GlobalProtect App 2.1.3",
        "GlobalProtect App 2.1.2",
        "GlobalProtect App 2.1.1",
        "GlobalProtect App 2.1.0",
        "GlobalProtect App 2.1",
        "GlobalProtect App 2.0.5",
        "GlobalProtect App 2.0.4",
        "GlobalProtect App 2.0.3",
        "GlobalProtect App 2.0.2",
        "GlobalProtect App 2.0.1",
        "GlobalProtect App 2.0.0",
        "GlobalProtect App 2.0",
        "GlobalProtect App 1.2.11",
        "GlobalProtect App 1.2.10",
        "GlobalProtect App 1.2.9",
        "GlobalProtect App 1.2.8",
        "GlobalProtect App 1.2.7",
        "GlobalProtect App 1.2.6",
        "GlobalProtect App 1.2.5",
        "GlobalProtect App 1.2.4",
        "GlobalProtect App 1.2.3",
        "GlobalProtect App 1.2.2",
        "GlobalProtect App 1.2.1",
        "GlobalProtect App 1.2.0",
        "GlobalProtect App 1.2",
        "GlobalProtect App 1.1.8",
        "GlobalProtect App 1.1.7",
        "GlobalProtect App 1.1.6",
        "GlobalProtect App 1.1.5",
        "GlobalProtect App 1.1.4",
        "GlobalProtect App 1.1.3",
        "GlobalProtect App 1.1.2",
        "GlobalProtect App 1.1.1",
        "GlobalProtect App 1.1.0",
        "GlobalProtect App 1.1",
        "GlobalProtect App 1.0.8",
        "GlobalProtect App 1.0.7",
        "GlobalProtect App 1.0.5",
        "GlobalProtect App 1.0.3",
        "GlobalProtect App 1.0.1",
        "GlobalProtect App 1.0"
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.9",
                    "versionStartIncluding": "5.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "ID": "CVE-2022-0016"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-755"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-02-17T13:54Z",
      "publishedDate": "2022-02-10T18:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-0016 (GCVE-0-2022-0016)

GHSA-MRWH-MJVV-R5VH

CERTFR-2022-AVI-234

Solution

CERTFR-2022-AVI-234

Solution

CERTFR-2022-AVI-136

Solution

CERTFR-2022-AVI-136

Solution

FKIE_CVE-2022-0016

GSD-2022-0016

Tags

Sightings

Nomenclature