cvelistv5 - cve-2022-0021

CVE-2022-0021 (GCVE-0-2022-0021)

Vulnerability from cvelistv5 – Published: 2022-02-10 18:10 – Updated: 2024-09-16 19:20

Summary

An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-532 - Information Exposure Through Log Files

Assigner

palo_alto

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2022-0021

x_refsource_MISC

Impacted products

Vendor

Product

Version

Palo Alto Networks

GlobalProtect App

Affected: 5.2 , < 5.2.9 (custom)

Palo Alto Networks

GlobalProtect App

Unaffected: 5.1.*
Unaffected: 5.3.*

Credits

This issue was found by Rutger Truyers of Palo Alto Networks during internal security review.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "5.2.9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "5.2.9",
              "status": "affected",
              "version": "5.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.1.*"
            },
            {
              "status": "unaffected",
              "version": "5.3.*"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was found by Rutger Truyers of Palo Alto Networks during internal security review."
        }
      ],
      "datePublic": "2022-02-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Information Exposure Through Log Files",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-10T18:10:24",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and all later GlobalProtect app versions."
        }
      ],
      "source": {
        "defect": [
          "GPC-13888"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-02-09T00:00:00",
          "value": "Initial publication"
        }
      ],
      "title": "GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
          "ID": "CVE-2022-0021",
          "STATE": "PUBLIC",
          "TITLE": "GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GlobalProtect App",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c",
                            "version_name": "5.2",
                            "version_value": "5.2.9"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "5.2",
                            "version_value": "5.2.9"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "5.1",
                            "version_value": "5.1.*"
                          },
                          {
                            "version_affected": "!",
                            "version_name": "5.3",
                            "version_value": "5.3.*"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was found by Rutger Truyers of Palo Alto Networks during internal security review."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-532 Information Exposure Through Log Files"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2022-0021",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and all later GlobalProtect app versions."
          }
        ],
        "source": {
          "defect": [
            "GPC-13888"
          ],
          "discovery": "INTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-02-09T00:00:00",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue."
          }
        ],
        "x_advisoryEoL": true,
        "x_affectedList": [
          "GlobalProtect App 5.2.8",
          "GlobalProtect App 5.2.7",
          "GlobalProtect App 5.2.6",
          "GlobalProtect App 5.2.5",
          "GlobalProtect App 5.2.4",
          "GlobalProtect App 5.2.3",
          "GlobalProtect App 5.2.2",
          "GlobalProtect App 5.2.1",
          "GlobalProtect App 5.2.0",
          "GlobalProtect App 5.2"
        ],
        "x_likelyAffectedList": [
          "GlobalProtect App 5.0.10",
          "GlobalProtect App 5.0.9",
          "GlobalProtect App 5.0.8",
          "GlobalProtect App 5.0.7",
          "GlobalProtect App 5.0.6",
          "GlobalProtect App 5.0.5",
          "GlobalProtect App 5.0.4",
          "GlobalProtect App 5.0.3",
          "GlobalProtect App 5.0.2",
          "GlobalProtect App 5.0.1",
          "GlobalProtect App 5.0.0",
          "GlobalProtect App 5.0",
          "GlobalProtect App 4.1.13",
          "GlobalProtect App 4.1.12",
          "GlobalProtect App 4.1.11",
          "GlobalProtect App 4.1.10",
          "GlobalProtect App 4.1.9",
          "GlobalProtect App 4.1.8",
          "GlobalProtect App 4.1.7",
          "GlobalProtect App 4.1.6",
          "GlobalProtect App 4.1.5",
          "GlobalProtect App 4.1.4",
          "GlobalProtect App 4.1.3",
          "GlobalProtect App 4.1.2",
          "GlobalProtect App 4.1.1",
          "GlobalProtect App 4.1.0",
          "GlobalProtect App 4.1",
          "GlobalProtect App 4.0.8",
          "GlobalProtect App 4.0.7",
          "GlobalProtect App 4.0.6",
          "GlobalProtect App 4.0.5",
          "GlobalProtect App 4.0.4",
          "GlobalProtect App 4.0.3",
          "GlobalProtect App 4.0.2",
          "GlobalProtect App 4.0.0",
          "GlobalProtect App 4.0",
          "GlobalProtect App 3.1.6",
          "GlobalProtect App 3.1.5",
          "GlobalProtect App 3.1.4",
          "GlobalProtect App 3.1.3",
          "GlobalProtect App 3.1.1",
          "GlobalProtect App 3.1.0",
          "GlobalProtect App 3.1",
          "GlobalProtect App 3.0.3",
          "GlobalProtect App 3.0.2",
          "GlobalProtect App 3.0.1",
          "GlobalProtect App 3.0.0",
          "GlobalProtect App 3.0",
          "GlobalProtect App 2.3.5",
          "GlobalProtect App 2.3.4",
          "GlobalProtect App 2.3.3",
          "GlobalProtect App 2.3.2",
          "GlobalProtect App 2.3.1",
          "GlobalProtect App 2.3.0",
          "GlobalProtect App 2.3",
          "GlobalProtect App 2.2.2",
          "GlobalProtect App 2.2.1",
          "GlobalProtect App 2.2.0",
          "GlobalProtect App 2.2",
          "GlobalProtect App 2.1.4",
          "GlobalProtect App 2.1.3",
          "GlobalProtect App 2.1.2",
          "GlobalProtect App 2.1.1",
          "GlobalProtect App 2.1.0",
          "GlobalProtect App 2.1",
          "GlobalProtect App 2.0.5",
          "GlobalProtect App 2.0.4",
          "GlobalProtect App 2.0.3",
          "GlobalProtect App 2.0.2",
          "GlobalProtect App 2.0.1",
          "GlobalProtect App 2.0.0",
          "GlobalProtect App 2.0",
          "GlobalProtect App 1.2.11",
          "GlobalProtect App 1.2.10",
          "GlobalProtect App 1.2.9",
          "GlobalProtect App 1.2.8",
          "GlobalProtect App 1.2.7",
          "GlobalProtect App 1.2.6",
          "GlobalProtect App 1.2.5",
          "GlobalProtect App 1.2.4",
          "GlobalProtect App 1.2.3",
          "GlobalProtect App 1.2.2",
          "GlobalProtect App 1.2.1",
          "GlobalProtect App 1.2.0",
          "GlobalProtect App 1.2",
          "GlobalProtect App 1.1.8",
          "GlobalProtect App 1.1.7",
          "GlobalProtect App 1.1.6",
          "GlobalProtect App 1.1.5",
          "GlobalProtect App 1.1.4",
          "GlobalProtect App 1.1.3",
          "GlobalProtect App 1.1.2",
          "GlobalProtect App 1.1.1",
          "GlobalProtect App 1.1.0",
          "GlobalProtect App 1.1",
          "GlobalProtect App 1.0.8",
          "GlobalProtect App 1.0.7",
          "GlobalProtect App 1.0.5",
          "GlobalProtect App 1.0.3",
          "GlobalProtect App 1.0.1",
          "GlobalProtect App 1.0"
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2022-0021",
    "datePublished": "2022-02-10T18:10:24.695182Z",
    "dateReserved": "2021-12-28T00:00:00",
    "dateUpdated": "2024-09-16T19:20:33.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.2\", \"versionEndExcluding\": \"5.2.9\", \"matchCriteriaId\": \"84B6241D-4456-4DC4-9767-3E608BCA0972\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de exposici\\u00f3n de informaci\\u00f3n mediante archivos de registro en GlobalProtect app de Palo Alto Networks en Windows que registra las credenciales en texto sin cifrar del usuario de GlobalProtect que es conectado cuando es autenticado usando la funci\\u00f3n Connect Before Logon. Este problema afecta a GlobalProtect App versiones 5.2 anteriores a 5.2.9 en Windows. Este problema no afecta a GlobalProtect app en otras plataformas\"}]",
      "id": "CVE-2022-0021",
      "lastModified": "2024-11-21T06:37:50.133",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 1.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.4, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-02-10T18:15:08.803",
      "references": "[{\"url\": \"https://security.paloaltonetworks.com/CVE-2022-0021\", \"source\": \"psirt@paloaltonetworks.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2022-0021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@paloaltonetworks.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@paloaltonetworks.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-0021\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2022-02-10T18:15:08.803\",\"lastModified\":\"2024-11-21T06:37:50.133\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de exposici\u00f3n de informaci\u00f3n mediante archivos de registro en GlobalProtect app de Palo Alto Networks en Windows que registra las credenciales en texto sin cifrar del usuario de GlobalProtect que es conectado cuando es autenticado usando la funci\u00f3n Connect Before Logon. Este problema afecta a GlobalProtect App versiones 5.2 anteriores a 5.2.9 en Windows. Este problema no afecta a GlobalProtect app en otras plataformas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndExcluding\":\"5.2.9\",\"matchCriteriaId\":\"84B6241D-4456-4DC4-9767-3E608BCA0972\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2022-0021\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2022-0021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-136

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.1.x antérieures à 5.1.10 sur Windows, MacOS et Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 9.1.x antérieures à 9.1.12
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.2.0 versions antérieures à 1958888
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.3.x antérieures à 5.3.2 sur Linux
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.1.0 toutes versions
Palo Alto Networks	Prisma Access	Prisma Access 2.2 Preferred toutes versions
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.21
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x antérieures à 5.2.9 sur Windows et MacOS
Palo Alto Networks	PAN-OS	PAN-OS versions 10.0.x antérieures à 10.0.8
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.3
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x toutes versions
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x à 5.2.7 sur Linux
Palo Alto Networks	Prisma Access	Prisma Access 2.1 Preferred et Innovation toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2022-0018 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0017 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0019 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0020 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0011 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0016 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0021 du 09 février 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.10 sur Windows, MacOS et Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.2.0 versions ant\u00e9rieures \u00e0 1958888",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.3.x ant\u00e9rieures \u00e0 5.3.2 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.1.0 toutes versions",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.2 Preferred toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.21",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.9 sur Windows et MacOS",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x toutes versions",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x \u00e0 5.2.7 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.1 Preferred et Innovation toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0018"
    },
    {
      "name": "CVE-2022-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0019"
    },
    {
      "name": "CVE-2022-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0021"
    },
    {
      "name": "CVE-2022-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0011"
    },
    {
      "name": "CVE-2022-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0016"
    },
    {
      "name": "CVE-2022-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0017"
    },
    {
      "name": "CVE-2022-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0020"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-136",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0018 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0017 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0019 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0020 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0020"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0011 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0016 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0021 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
    }
  ]
}

CERTFR-2022-AVI-136

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.1.x antérieures à 5.1.10 sur Windows, MacOS et Linux
Palo Alto Networks	PAN-OS	PAN-OS versions 9.1.x antérieures à 9.1.12
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.2.0 versions antérieures à 1958888
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.3.x antérieures à 5.3.2 sur Linux
Palo Alto Networks	Cortex XSOAR	Cortex XSOAR 6.1.0 toutes versions
Palo Alto Networks	Prisma Access	Prisma Access 2.2 Preferred toutes versions
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.21
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x antérieures à 5.2.9 sur Windows et MacOS
Palo Alto Networks	PAN-OS	PAN-OS versions 10.0.x antérieures à 10.0.8
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.3
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x toutes versions
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x à 5.2.7 sur Linux
Palo Alto Networks	Prisma Access	Prisma Access 2.1 Preferred et Innovation toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2022-0018 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0017 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0019 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0020 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0011 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0016 du 09 février 2022	None	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2022-0021 du 09 février 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.10 sur Windows, MacOS et Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.2.0 versions ant\u00e9rieures \u00e0 1958888",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.3.x ant\u00e9rieures \u00e0 5.3.2 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XSOAR 6.1.0 toutes versions",
      "product": {
        "name": "Cortex XSOAR",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.2 Preferred toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.21",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.9 sur Windows et MacOS",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.8",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x toutes versions",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x \u00e0 5.2.7 sur Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access 2.1 Preferred et Innovation toutes versions",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0018"
    },
    {
      "name": "CVE-2022-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0019"
    },
    {
      "name": "CVE-2022-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0021"
    },
    {
      "name": "CVE-2022-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0011"
    },
    {
      "name": "CVE-2022-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0016"
    },
    {
      "name": "CVE-2022-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0017"
    },
    {
      "name": "CVE-2022-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0020"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-136",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo\nAlto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0018 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0017 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0019 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0020 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0020"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0011 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0011"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0016 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2022-0021 du 09 f\u00e9vrier 2022",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
    }
  ]
}

GHSA-C8Q6-G23P-58GH

Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2022-02-18 00:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-0021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-10T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.",
  "id": "GHSA-c8q6-g23p-58gh",
  "modified": "2022-02-18T00:00:55Z",
  "published": "2022-02-11T00:00:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0021"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2022-0021

Vulnerability from fkie_nvd - Published: 2022-02-10 18:15 - Updated: 2024-11-21 06:37

Severity ?

3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@paloaltonetworks.com	https://security.paloaltonetworks.com/CVE-2022-0021	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security.paloaltonetworks.com/CVE-2022-0021	Vendor Advisory

Impacted products

	Vendor	Product	Version
	paloaltonetworks	globalprotect	*
	microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B6241D-4456-4DC4-9767-3E608BCA0972",
              "versionEndExcluding": "5.2.9",
              "versionStartIncluding": "5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de exposici\u00f3n de informaci\u00f3n mediante archivos de registro en GlobalProtect app de Palo Alto Networks en Windows que registra las credenciales en texto sin cifrar del usuario de GlobalProtect que es conectado cuando es autenticado usando la funci\u00f3n Connect Before Logon. Este problema afecta a GlobalProtect App versiones 5.2 anteriores a 5.2.9 en Windows. Este problema no afecta a GlobalProtect app en otras plataformas"
    }
  ],
  "id": "CVE-2022-0021",
  "lastModified": "2024-11-21T06:37:50.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "psirt@paloaltonetworks.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-10T18:15:08.803",
  "references": [
    {
      "source": "psirt@paloaltonetworks.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
    }
  ],
  "sourceIdentifier": "psirt@paloaltonetworks.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "psirt@paloaltonetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-0021

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-0021

Aliases

CVE-2022-0021

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-0021",
    "description": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.",
    "id": "GSD-2022-0021"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-0021"
      ],
      "details": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.",
      "id": "GSD-2022-0021",
      "modified": "2023-12-13T01:19:11.596075Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@paloaltonetworks.com",
        "DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
        "ID": "CVE-2022-0021",
        "STATE": "PUBLIC",
        "TITLE": "GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GlobalProtect App",
                    "version": {
                      "version_data": [
                        {
                          "platform": "Windows",
                          "version_affected": "\u003c",
                          "version_name": "5.2",
                          "version_value": "5.2.9"
                        },
                        {
                          "platform": "Windows",
                          "version_affected": "!\u003e=",
                          "version_name": "5.2",
                          "version_value": "5.2.9"
                        },
                        {
                          "version_affected": "!",
                          "version_name": "5.1",
                          "version_value": "5.1.*"
                        },
                        {
                          "version_affected": "!",
                          "version_name": "5.3",
                          "version_value": "5.3.*"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Palo Alto Networks"
            }
          ]
        }
      },
      "configuration": [
        {
          "lang": "eng",
          "value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
        }
      ],
      "credit": [
        {
          "lang": "eng",
          "value": "This issue was found by Rutger Truyers of Palo Alto Networks during internal security review."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-532 Information Exposure Through Log Files"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.paloaltonetworks.com/CVE-2022-0021",
            "refsource": "MISC",
            "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and all later GlobalProtect app versions."
        }
      ],
      "source": {
        "defect": [
          "GPC-13888"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "eng",
          "time": "2022-02-09T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "work_around": [
        {
          "lang": "eng",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_advisoryEoL": true,
      "x_affectedList": [
        "GlobalProtect App 5.2.8",
        "GlobalProtect App 5.2.7",
        "GlobalProtect App 5.2.6",
        "GlobalProtect App 5.2.5",
        "GlobalProtect App 5.2.4",
        "GlobalProtect App 5.2.3",
        "GlobalProtect App 5.2.2",
        "GlobalProtect App 5.2.1",
        "GlobalProtect App 5.2.0",
        "GlobalProtect App 5.2"
      ],
      "x_likelyAffectedList": [
        "GlobalProtect App 5.0.10",
        "GlobalProtect App 5.0.9",
        "GlobalProtect App 5.0.8",
        "GlobalProtect App 5.0.7",
        "GlobalProtect App 5.0.6",
        "GlobalProtect App 5.0.5",
        "GlobalProtect App 5.0.4",
        "GlobalProtect App 5.0.3",
        "GlobalProtect App 5.0.2",
        "GlobalProtect App 5.0.1",
        "GlobalProtect App 5.0.0",
        "GlobalProtect App 5.0",
        "GlobalProtect App 4.1.13",
        "GlobalProtect App 4.1.12",
        "GlobalProtect App 4.1.11",
        "GlobalProtect App 4.1.10",
        "GlobalProtect App 4.1.9",
        "GlobalProtect App 4.1.8",
        "GlobalProtect App 4.1.7",
        "GlobalProtect App 4.1.6",
        "GlobalProtect App 4.1.5",
        "GlobalProtect App 4.1.4",
        "GlobalProtect App 4.1.3",
        "GlobalProtect App 4.1.2",
        "GlobalProtect App 4.1.1",
        "GlobalProtect App 4.1.0",
        "GlobalProtect App 4.1",
        "GlobalProtect App 4.0.8",
        "GlobalProtect App 4.0.7",
        "GlobalProtect App 4.0.6",
        "GlobalProtect App 4.0.5",
        "GlobalProtect App 4.0.4",
        "GlobalProtect App 4.0.3",
        "GlobalProtect App 4.0.2",
        "GlobalProtect App 4.0.0",
        "GlobalProtect App 4.0",
        "GlobalProtect App 3.1.6",
        "GlobalProtect App 3.1.5",
        "GlobalProtect App 3.1.4",
        "GlobalProtect App 3.1.3",
        "GlobalProtect App 3.1.1",
        "GlobalProtect App 3.1.0",
        "GlobalProtect App 3.1",
        "GlobalProtect App 3.0.3",
        "GlobalProtect App 3.0.2",
        "GlobalProtect App 3.0.1",
        "GlobalProtect App 3.0.0",
        "GlobalProtect App 3.0",
        "GlobalProtect App 2.3.5",
        "GlobalProtect App 2.3.4",
        "GlobalProtect App 2.3.3",
        "GlobalProtect App 2.3.2",
        "GlobalProtect App 2.3.1",
        "GlobalProtect App 2.3.0",
        "GlobalProtect App 2.3",
        "GlobalProtect App 2.2.2",
        "GlobalProtect App 2.2.1",
        "GlobalProtect App 2.2.0",
        "GlobalProtect App 2.2",
        "GlobalProtect App 2.1.4",
        "GlobalProtect App 2.1.3",
        "GlobalProtect App 2.1.2",
        "GlobalProtect App 2.1.1",
        "GlobalProtect App 2.1.0",
        "GlobalProtect App 2.1",
        "GlobalProtect App 2.0.5",
        "GlobalProtect App 2.0.4",
        "GlobalProtect App 2.0.3",
        "GlobalProtect App 2.0.2",
        "GlobalProtect App 2.0.1",
        "GlobalProtect App 2.0.0",
        "GlobalProtect App 2.0",
        "GlobalProtect App 1.2.11",
        "GlobalProtect App 1.2.10",
        "GlobalProtect App 1.2.9",
        "GlobalProtect App 1.2.8",
        "GlobalProtect App 1.2.7",
        "GlobalProtect App 1.2.6",
        "GlobalProtect App 1.2.5",
        "GlobalProtect App 1.2.4",
        "GlobalProtect App 1.2.3",
        "GlobalProtect App 1.2.2",
        "GlobalProtect App 1.2.1",
        "GlobalProtect App 1.2.0",
        "GlobalProtect App 1.2",
        "GlobalProtect App 1.1.8",
        "GlobalProtect App 1.1.7",
        "GlobalProtect App 1.1.6",
        "GlobalProtect App 1.1.5",
        "GlobalProtect App 1.1.4",
        "GlobalProtect App 1.1.3",
        "GlobalProtect App 1.1.2",
        "GlobalProtect App 1.1.1",
        "GlobalProtect App 1.1.0",
        "GlobalProtect App 1.1",
        "GlobalProtect App 1.0.8",
        "GlobalProtect App 1.0.7",
        "GlobalProtect App 1.0.5",
        "GlobalProtect App 1.0.3",
        "GlobalProtect App 1.0.1",
        "GlobalProtect App 1.0"
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.9",
                    "versionStartIncluding": "5.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "ID": "CVE-2022-0021"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-532"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-02-17T16:01Z",
      "publishedDate": "2022-02-10T18:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-0021 (GCVE-0-2022-0021)

CERTFR-2022-AVI-136

Solution

CERTFR-2022-AVI-136

Solution

GHSA-C8Q6-G23P-58GH

FKIE_CVE-2022-0021

GSD-2022-0021

Tags

Sightings

Nomenclature