cvelistv5 - cve-2022-0019

CVE-2022-0019 (GCVE-0-2022-0019)

Vulnerability from cvelistv5 – Published: 2022-02-10 18:10 – Updated: 2024-09-16 20:06

Summary

An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-522 - Insufficiently Protected Credentials

Assigner

palo_alto

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2022-0019

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Palo Alto Networks	GlobalProtect App	Affected: 5.3 , < 5.3.2 (custom) Affected: 5.2 , ≤ 5.2.7 (custom) Affected: 5.1 , < 5.1.10 (custom)

Credits

Palo Alto Networks thanks Josh Wisely and Praveen Bomma of Splunk for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Linux"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "5.3.2",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.3.2",
              "status": "affected",
              "version": "5.3",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.2.7",
              "status": "affected",
              "version": "5.2",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "5.1.10",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue is applicable only to GlobalProtect app users that save their user credentials for use when authenticating to a GlobalProtect portal."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks thanks Josh Wisely and Praveen Bomma of Splunk for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522 Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-10T18:10:21",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in GlobalProtect app 5.1.10 on Linux, GlobalProtect app 5.3.2 on Linux, and all later GlobalProtect app versions.\n\nExisting credentials files that are exposed by this issue will be secured when the fixed GlobalProtect app is launched."
        }
      ],
      "source": {
        "defect": [
          "GPC-13843"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-02-09T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux",
      "workarounds": [
        {
          "lang": "en",
          "value": "Users should not save their credentials until the GlobalProtect app is upgraded to a fixed version.\n\nGlobalProtect portal administrators can prevent GlobalProtect app users from saving their credentials on the next connection to the GlobalProtect portal by preventing \u2018Save User Credentials\u2019 from the portal agent configuration as described here:\n\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/user-behavior-options.html"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
          "ID": "CVE-2022-0019",
          "STATE": "PUBLIC",
          "TITLE": "GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GlobalProtect App",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Linux",
                            "version_affected": "\u003c",
                            "version_name": "5.3",
                            "version_value": "5.3.2"
                          },
                          {
                            "platform": "Linux",
                            "version_affected": "\u003c=",
                            "version_name": "5.2",
                            "version_value": "5.2.7"
                          },
                          {
                            "platform": "Linux",
                            "version_affected": "!\u003e=",
                            "version_name": "5.3",
                            "version_value": "5.3.2"
                          },
                          {
                            "platform": "Linux",
                            "version_affected": "\u003c",
                            "version_name": "5.1",
                            "version_value": "5.1.10"
                          },
                          {
                            "platform": "Linux",
                            "version_affected": "!\u003e=",
                            "version_name": "5.1",
                            "version_value": "5.1.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue is applicable only to GlobalProtect app users that save their user credentials for use when authenticating to a GlobalProtect portal."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Josh Wisely and Praveen Bomma of Splunk for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-522 Insufficiently Protected Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0019",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in GlobalProtect app 5.1.10 on Linux, GlobalProtect app 5.3.2 on Linux, and all later GlobalProtect app versions.\n\nExisting credentials files that are exposed by this issue will be secured when the fixed GlobalProtect app is launched."
          }
        ],
        "source": {
          "defect": [
            "GPC-13843"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-02-09T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "Users should not save their credentials until the GlobalProtect app is upgraded to a fixed version.\n\nGlobalProtect portal administrators can prevent GlobalProtect app users from saving their credentials on the next connection to the GlobalProtect portal by preventing \u2018Save User Credentials\u2019 from the portal agent configuration as described here:\n\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/user-behavior-options.html"
          }
        ],
        "x_advisoryEoL": true,
        "x_affectedList": [
          "GlobalProtect App 5.3.1",
          "GlobalProtect App 5.3.0",
          "GlobalProtect App 5.3",
          "GlobalProtect App 5.2.7",
          "GlobalProtect App 5.2.6",
          "GlobalProtect App 5.2.5",
          "GlobalProtect App 5.2.4",
          "GlobalProtect App 5.2.3",
          "GlobalProtect App 5.2.2",
          "GlobalProtect App 5.2.1",
          "GlobalProtect App 5.2.0",
          "GlobalProtect App 5.2",
          "GlobalProtect App 5.1.9",
          "GlobalProtect App 5.1.8",
          "GlobalProtect App 5.1.7",
          "GlobalProtect App 5.1.6",
          "GlobalProtect App 5.1.5",
          "GlobalProtect App 5.1.4",
          "GlobalProtect App 5.1.3",
          "GlobalProtect App 5.1.1",
          "GlobalProtect App 5.1.0",
          "GlobalProtect App 5.1"
        ],
        "x_likelyAffectedList": [
          "GlobalProtect App 5.0.10",
          "GlobalProtect App 5.0.9",
          "GlobalProtect App 5.0.8",
          "GlobalProtect App 5.0.7",
          "GlobalProtect App 5.0.6",
          "GlobalProtect App 5.0.5",
          "GlobalProtect App 5.0.4",
          "GlobalProtect App 5.0.3",
          "GlobalProtect App 5.0.2",
          "GlobalProtect App 5.0.1",
          "GlobalProtect App 5.0.0",
          "GlobalProtect App 5.0",
          "GlobalProtect App 4.1.13",
          "GlobalProtect App 4.1.12",
          "GlobalProtect App 4.1.11",
          "GlobalProtect App 4.1.10",
          "GlobalProtect App 4.1.9",
          "GlobalProtect App 4.1.8",
          "GlobalProtect App 4.1.7",
          "GlobalProtect App 4.1.6",
          "GlobalProtect App 4.1.5",
          "GlobalProtect App 4.1.4",
          "GlobalProtect App 4.1.3",
          "GlobalProtect App 4.1.2",
          "GlobalProtect App 4.1.1",
          "GlobalProtect App 4.1.0",
          "GlobalProtect App 4.1",
          "GlobalProtect App 4.0.8",
          "GlobalProtect App 4.0.7",
          "GlobalProtect App 4.0.6",
          "GlobalProtect App 4.0.5",
          "GlobalProtect App 4.0.4",
          "GlobalProtect App 4.0.3",
          "GlobalProtect App 4.0.2",
          "GlobalProtect App 4.0.0",
          "GlobalProtect App 4.0",
          "GlobalProtect App 3.1.6",
          "GlobalProtect App 3.1.5",
          "GlobalProtect App 3.1.4",
          "GlobalProtect App 3.1.3",
          "GlobalProtect App 3.1.1",
          "GlobalProtect App 3.1.0",
          "GlobalProtect App 3.1",
          "GlobalProtect App 3.0.3",
          "GlobalProtect App 3.0.2",
          "GlobalProtect App 3.0.1",
          "GlobalProtect App 3.0.0",
          "GlobalProtect App 3.0",
          "GlobalProtect App 2.3.5",
          "GlobalProtect App 2.3.4",
          "GlobalProtect App 2.3.3",
          "GlobalProtect App 2.3.2",
          "GlobalProtect App 2.3.1",
          "GlobalProtect App 2.3.0",
          "GlobalProtect App 2.3",
          "GlobalProtect App 2.2.2",
          "GlobalProtect App 2.2.1",
          "GlobalProtect App 2.2.0",
          "GlobalProtect App 2.2",
          "GlobalProtect App 2.1.4",
          "GlobalProtect App 2.1.3",
          "GlobalProtect App 2.1.2",
          "GlobalProtect App 2.1.1",
          "GlobalProtect App 2.1.0",
          "GlobalProtect App 2.1",
          "GlobalProtect App 2.0.5",
          "GlobalProtect App 2.0.4",
          "GlobalProtect App 2.0.3",
          "GlobalProtect App 2.0.2",
          "GlobalProtect App 2.0.1",
          "GlobalProtect App 2.0.0",
          "GlobalProtect App 2.0",
          "GlobalProtect App 1.2.11",
          "GlobalProtect App 1.2.10",
          "GlobalProtect App 1.2.9",
          "GlobalProtect App 1.2.8",
          "GlobalProtect App 1.2.7",
          "GlobalProtect App 1.2.6",
          "GlobalProtect App 1.2.5",
          "GlobalProtect App 1.2.4",
          "GlobalProtect App 1.2.3",
          "GlobalProtect App 1.2.2",
          "GlobalProtect App 1.2.1",
          "GlobalProtect App 1.2.0",
          "GlobalProtect App 1.2",
          "GlobalProtect App 1.1.8",
          "GlobalProtect App 1.1.7",
          "GlobalProtect App 1.1.6",
          "GlobalProtect App 1.1.5",
          "GlobalProtect App 1.1.4",
          "GlobalProtect App 1.1.3",
          "GlobalProtect App 1.1.2",
          "GlobalProtect App 1.1.1",
          "GlobalProtect App 1.1.0",
          "GlobalProtect App 1.1",
          "GlobalProtect App 1.0.8",
          "GlobalProtect App 1.0.7",
          "GlobalProtect App 1.0.5",
          "GlobalProtect App 1.0.3",
          "GlobalProtect App 1.0.1",
          "GlobalProtect App 1.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0019",
    "datePublished": "2022-02-10T18:10:21.940684Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-16T20:06:53.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.1\", \"versionEndExcluding\": \"5.1.10\", \"matchCriteriaId\": \"E84FC1F6-58F6-4C67-A8E9-93233865C080\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.2\", \"versionEndIncluding\": \"5.2.7\", \"matchCriteriaId\": \"E4FEBC14-2794-48FB-B210-5E720254E7B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.3\", \"versionEndExcluding\": \"5.3.2\", \"matchCriteriaId\": \"3170EC23-3410-43B0-8D72-48297059954A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de credenciales insuficientemente protegidas en GlobalProtect app de Palo Alto Networks en Linux que expone las credenciales con hash de los usuarios de GlobalProtect que guardaron su contrase\\u00f1a durante sesiones anteriores de GlobalProtect app a otros usuarios locales del sistema. Las credenciales expuestas permiten a un atacante local autenticarse en el portal o la puerta de enlace de GlobalProtect como el usuario de destino sin conocer la contrase\\u00f1a en texto plano del usuario de destino. Este problema afecta: GlobalProtect app 5.1 versiones anteriores a GlobalProtect app 5.1.10 en Linux. GlobalProtect app versiones 5.2 anteriores a GlobalProtect app 5.2.7 en Linux. GlobalProtect app versiones 5.3 anteriores a GlobalProtect app 5.3.2 en Linux. Este problema no afecta a GlobalProtect app en otras plataformas\"}]",
      "id": "CVE-2022-0019",
      "lastModified": "2024-11-21T06:37:49.870",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 1.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.4, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-02-10T18:15:08.687",
      "references": "[{\"url\": \"https://security.paloaltonetworks.com/CVE-2022-0019\", \"source\": \"psirt@paloaltonetworks.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2022-0019\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@paloaltonetworks.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-0019\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2022-02-10T18:15:08.687\",\"lastModified\":\"2024-11-21T06:37:49.870\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de credenciales insuficientemente protegidas en GlobalProtect app de Palo Alto Networks en Linux que expone las credenciales con hash de los usuarios de GlobalProtect que guardaron su contrase\u00f1a durante sesiones anteriores de GlobalProtect app a otros usuarios locales del sistema. Las credenciales expuestas permiten a un atacante local autenticarse en el portal o la puerta de enlace de GlobalProtect como el usuario de destino sin conocer la contrase\u00f1a en texto plano del usuario de destino. Este problema afecta: GlobalProtect app 5.1 versiones anteriores a GlobalProtect app 5.1.10 en Linux. GlobalProtect app versiones 5.2 anteriores a GlobalProtect app 5.2.7 en Linux. GlobalProtect app versiones 5.3 anteriores a GlobalProtect app 5.3.2 en Linux. Este problema no afecta a GlobalProtect app en otras plataformas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1\",\"versionEndExcluding\":\"5.1.10\",\"matchCriteriaId\":\"E84FC1F6-58F6-4C67-A8E9-93233865C080\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndIncluding\":\"5.2.7\",\"matchCriteriaId\":\"E4FEBC14-2794-48FB-B210-5E720254E7B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3\",\"versionEndExcluding\":\"5.3.2\",\"matchCriteriaId\":\"3170EC23-3410-43B0-8D72-48297059954A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2022-0019\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2022-0019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2022-0019

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-0019

Aliases

CVE-2022-0019

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-0019",
    "description": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.",
    "id": "GSD-2022-0019"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-0019"
      ],
      "details": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.",
      "id": "GSD-2022-0019",
      "modified": "2023-12-13T01:19:11.221812Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@paloaltonetworks.com",
        "DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
        "ID": "CVE-2022-0019",
        "STATE": "PUBLIC",
        "TITLE": "GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GlobalProtect App",
                    "version": {
                      "version_data": [
                        {
                          "platform": "Linux",
                          "version_affected": "\u003c",
                          "version_name": "5.3",
                          "version_value": "5.3.2"
                        },
                        {
                          "platform": "Linux",
                          "version_affected": "\u003c=",
                          "version_name": "5.2",
                          "version_value": "5.2.7"
                        },
                        {
                          "platform": "Linux",
                          "version_affected": "!\u003e=",
                          "version_name": "5.3",
                          "version_value": "5.3.2"
                        },
                        {
                          "platform": "Linux",
                          "version_affected": "\u003c",
                          "version_name": "5.1",
                          "version_value": "5.1.10"
                        },
                        {
                          "platform": "Linux",
                          "version_affected": "!\u003e=",
                          "version_name": "5.1",
                          "version_value": "5.1.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Palo Alto Networks"
            }
          ]
        }
      },
      "configuration": [
        {
          "lang": "eng",
          "value": "This issue is applicable only to GlobalProtect app users that save their user credentials for use when authenticating to a GlobalProtect portal."
        }
      ],
      "credit": [
        {
          "lang": "eng",
          "value": "Palo Alto Networks thanks Josh Wisely and Praveen Bomma of Splunk for discovering and reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-522 Insufficiently Protected Credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.paloaltonetworks.com/CVE-2022-0019",
            "refsource": "MISC",
            "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "This issue is fixed in GlobalProtect app 5.1.10 on Linux, GlobalProtect app 5.3.2 on Linux, and all later GlobalProtect app versions.\n\nExisting credentials files that are exposed by this issue will be secured when the fixed GlobalProtect app is launched."
        }
      ],
      "source": {
        "defect": [
          "GPC-13843"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "eng",
          "time": "2022-02-09T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "work_around": [
        {
          "lang": "eng",
          "value": "Users should not save their credentials until the GlobalProtect app is upgraded to a fixed version.\n\nGlobalProtect portal administrators can prevent GlobalProtect app users from saving their credentials on the next connection to the GlobalProtect portal by preventing \u2018Save User Credentials\u2019 from the portal agent configuration as described here:\n\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/user-behavior-options.html\n"
        }
      ],
      "x_advisoryEoL": true,
      "x_affectedList": [
        "GlobalProtect App 5.3.1",
        "GlobalProtect App 5.3.0",
        "GlobalProtect App 5.3",
        "GlobalProtect App 5.2.7",
        "GlobalProtect App 5.2.6",
        "GlobalProtect App 5.2.5",
        "GlobalProtect App 5.2.4",
        "GlobalProtect App 5.2.3",
        "GlobalProtect App 5.2.2",
        "GlobalProtect App 5.2.1",
        "GlobalProtect App 5.2.0",
        "GlobalProtect App 5.2",
        "GlobalProtect App 5.1.9",
        "GlobalProtect App 5.1.8",
        "GlobalProtect App 5.1.7",
        "GlobalProtect App 5.1.6",
        "GlobalProtect App 5.1.5",
        "GlobalProtect App 5.1.4",
        "GlobalProtect App 5.1.3",
        "GlobalProtect App 5.1.1",
        "GlobalProtect App 5.1.0",
        "GlobalProtect App 5.1"
      ],
      "x_likelyAffectedList": [
        "GlobalProtect App 5.0.10",
        "GlobalProtect App 5.0.9",
        "GlobalProtect App 5.0.8",
        "GlobalProtect App 5.0.7",
        "GlobalProtect App 5.0.6",
        "GlobalProtect App 5.0.5",
        "GlobalProtect App 5.0.4",
        "GlobalProtect App 5.0.3",
        "GlobalProtect App 5.0.2",
        "GlobalProtect App 5.0.1",
        "GlobalProtect App 5.0.0",
        "GlobalProtect App 5.0",
        "GlobalProtect App 4.1.13",
        "GlobalProtect App 4.1.12",
        "GlobalProtect App 4.1.11",
        "GlobalProtect App 4.1.10",
        "GlobalProtect App 4.1.9",
        "GlobalProtect App 4.1.8",
        "GlobalProtect App 4.1.7",
        "GlobalProtect App 4.1.6",
        "GlobalProtect App 4.1.5",
        "GlobalProtect App 4.1.4",
        "GlobalProtect App 4.1.3",
        "GlobalProtect App 4.1.2",
        "GlobalProtect App 4.1.1",
        "GlobalProtect App 4.1.0",
        "GlobalProtect App 4.1",
        "GlobalProtect App 4.0.8",
        "GlobalProtect App 4.0.7",
        "GlobalProtect App 4.0.6",
        "GlobalProtect App 4.0.5",
        "GlobalProtect App 4.0.4",
        "GlobalProtect App 4.0.3",
        "GlobalProtect App 4.0.2",
        "GlobalProtect App 4.0.0",
        "GlobalProtect App 4.0",
        "GlobalProtect App 3.1.6",
        "GlobalProtect App 3.1.5",
        "GlobalProtect App 3.1.4",
        "GlobalProtect App 3.1.3",
        "GlobalProtect App 3.1.1",
        "GlobalProtect App 3.1.0",
        "GlobalProtect App 3.1",
        "GlobalProtect App 3.0.3",
        "GlobalProtect App 3.0.2",
        "GlobalProtect App 3.0.1",
        "GlobalProtect App 3.0.0",
        "GlobalProtect App 3.0",
        "GlobalProtect App 2.3.5",
        "GlobalProtect App 2.3.4",
        "GlobalProtect App 2.3.3",
        "GlobalProtect App 2.3.2",
        "GlobalProtect App 2.3.1",
        "GlobalProtect App 2.3.0",
        "GlobalProtect App 2.3",
        "GlobalProtect App 2.2.2",
        "GlobalProtect App 2.2.1",
        "GlobalProtect App 2.2.0",
        "GlobalProtect App 2.2",
        "GlobalProtect App 2.1.4",
        "GlobalProtect App 2.1.3",
        "GlobalProtect App 2.1.2",
        "GlobalProtect App 2.1.1",
        "GlobalProtect App 2.1.0",
        "GlobalProtect App 2.1",
        "GlobalProtect App 2.0.5",
        "GlobalProtect App 2.0.4",
        "GlobalProtect App 2.0.3",
        "GlobalProtect App 2.0.2",
        "GlobalProtect App 2.0.1",
        "GlobalProtect App 2.0.0",
        "GlobalProtect App 2.0",
        "GlobalProtect App 1.2.11",
        "GlobalProtect App 1.2.10",
        "GlobalProtect App 1.2.9",
        "GlobalProtect App 1.2.8",
        "GlobalProtect App 1.2.7",
        "GlobalProtect App 1.2.6",
        "GlobalProtect App 1.2.5",
        "GlobalProtect App 1.2.4",
        "GlobalProtect App 1.2.3",
        "GlobalProtect App 1.2.2",
        "GlobalProtect App 1.2.1",
        "GlobalProtect App 1.2.0",
        "GlobalProtect App 1.2",
        "GlobalProtect App 1.1.8",
        "GlobalProtect App 1.1.7",
        "GlobalProtect App 1.1.6",
        "GlobalProtect App 1.1.5",
        "GlobalProtect App 1.1.4",
        "GlobalProtect App 1.1.3",
        "GlobalProtect App 1.1.2",
        "GlobalProtect App 1.1.1",
        "GlobalProtect App 1.1.0",
        "GlobalProtect App 1.1",
        "GlobalProtect App 1.0.8",
        "GlobalProtect App 1.0.7",
        "GlobalProtect App 1.0.5",
        "GlobalProtect App 1.0.3",
        "GlobalProtect App 1.0.1",
        "GlobalProtect App 1.0"
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.1.10",
                    "versionStartIncluding": "5.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.2.7",
                    "versionStartIncluding": "5.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.3.2",
                    "versionStartIncluding": "5.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "ID": "CVE-2022-0019"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-02-17T15:25Z",
      "publishedDate": "2022-02-10T18:15Z"
    }
  }
}

CERTFR-2022-AVI-136

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.1.x antérieures à 5.1.10 sur Windows, MacOS et Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 9.1.x antérieures à 9.1.12
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.2.0 versions antérieures à 1958888
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.3.x antérieures à 5.3.2 sur Linux
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.1.0 toutes versions
Palo Alto Networks	Prisma Access	Prisma Access 2.2 Preferred toutes versions
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.21
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x antérieures à 5.2.9 sur Windows et MacOS
Palo Alto Networks	PAN-OS	PAN-OS versions 10.0.x antérieures à 10.0.8
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.3
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x toutes versions
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x à 5.2.7 sur Linux
Palo Alto Networks	Prisma Access	Prisma Access 2.1 Preferred et Innovation toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2022-0018 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0017 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0019 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0020 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0011 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0016 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0021 du 09 février 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.10 sur Windows, MacOS et Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.2.0 versions ant\u00e9rieures \u00e0 1958888",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.3.x ant\u00e9rieures \u00e0 5.3.2 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.1.0 toutes versions",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.2 Preferred toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.21",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.9 sur Windows et MacOS",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x toutes versions",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x \u00e0 5.2.7 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.1 Preferred et Innovation toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0018"
    },
    {
      "name": "CVE-2022-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0019"
    },
    {
      "name": "CVE-2022-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0021"
    },
    {
      "name": "CVE-2022-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0011"
    },
    {
      "name": "CVE-2022-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0016"
    },
    {
      "name": "CVE-2022-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0017"
    },
    {
      "name": "CVE-2022-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0020"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-136",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0018 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0017 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0019 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0020 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0020"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0011 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0016 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0021 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
    }
  ]
}

CERTFR-2022-AVI-136

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.1.x antérieures à 5.1.10 sur Windows, MacOS et Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 9.1.x antérieures à 9.1.12
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.2.0 versions antérieures à 1958888
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.3.x antérieures à 5.3.2 sur Linux
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.1.0 toutes versions
Palo Alto Networks	Prisma Access	Prisma Access 2.2 Preferred toutes versions
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.21
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x antérieures à 5.2.9 sur Windows et MacOS
Palo Alto Networks	PAN-OS	PAN-OS versions 10.0.x antérieures à 10.0.8
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.3
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x toutes versions
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x à 5.2.7 sur Linux
Palo Alto Networks	Prisma Access	Prisma Access 2.1 Preferred et Innovation toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2022-0018 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0017 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0019 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0020 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0011 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0016 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0021 du 09 février 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.10 sur Windows, MacOS et Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.2.0 versions ant\u00e9rieures \u00e0 1958888",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.3.x ant\u00e9rieures \u00e0 5.3.2 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.1.0 toutes versions",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.2 Preferred toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.21",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.9 sur Windows et MacOS",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x toutes versions",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x \u00e0 5.2.7 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.1 Preferred et Innovation toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0018"
    },
    {
      "name": "CVE-2022-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0019"
    },
    {
      "name": "CVE-2022-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0021"
    },
    {
      "name": "CVE-2022-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0011"
    },
    {
      "name": "CVE-2022-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0016"
    },
    {
      "name": "CVE-2022-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0017"
    },
    {
      "name": "CVE-2022-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0020"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-136",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0018 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0017 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0019 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0020 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0020"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0011 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0016 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0021 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
    }
  ]
}

GHSA-W348-J94X-QJH2

Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2022-02-18 00:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-0019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-10T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.",
  "id": "GHSA-w348-j94x-qjh2",
  "modified": "2022-02-18T00:00:58Z",
  "published": "2022-02-11T00:00:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0019"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2022-0019

Vulnerability from fkie_nvd - Published: 2022-02-10 18:15 - Updated: 2024-11-21 06:37

Severity ?

4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2022-0019	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.paloaltonetworks.com/CVE-2022-0019	Vendor Advisory

Impacted products

Vendor	Product	Version
paloaltonetworks	globalprotect	*
paloaltonetworks	globalprotect	*
paloaltonetworks	globalprotect	*
linux	linux_kernel	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E84FC1F6-58F6-4C67-A8E9-93233865C080",
              "versionEndExcluding": "5.1.10",
              "versionStartIncluding": "5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4FEBC14-2794-48FB-B210-5E720254E7B8",
              "versionEndIncluding": "5.2.7",
              "versionStartIncluding": "5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3170EC23-3410-43B0-8D72-48297059954A",
              "versionEndExcluding": "5.3.2",
              "versionStartIncluding": "5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de credenciales insuficientemente protegidas en GlobalProtect app de Palo Alto Networks en Linux que expone las credenciales con hash de los usuarios de GlobalProtect que guardaron su contrase\u00f1a durante sesiones anteriores de GlobalProtect app a otros usuarios locales del sistema. Las credenciales expuestas permiten a un atacante local autenticarse en el portal o la puerta de enlace de GlobalProtect como el usuario de destino sin conocer la contrase\u00f1a en texto plano del usuario de destino. Este problema afecta: GlobalProtect app 5.1 versiones anteriores a GlobalProtect app 5.1.10 en Linux. GlobalProtect app versiones 5.2 anteriores a GlobalProtect app 5.2.7 en Linux. GlobalProtect app versiones 5.3 anteriores a GlobalProtect app 5.3.2 en Linux. Este problema no afecta a GlobalProtect app en otras plataformas"
    }
  ],
  "id": "CVE-2022-0019",
  "lastModified": "2024-11-21T06:37:49.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-10T18:15:08.687",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-0019 (GCVE-0-2022-0019)

GSD-2022-0019

CERTFR-2022-AVI-136

Solution

CERTFR-2022-AVI-136

Solution

GHSA-W348-J94X-QJH2

FKIE_CVE-2022-0019

Tags

Sightings

Nomenclature