GSD-2022-0021

Vulnerability from gsd - Updated: 2023-12-13 01:19
Details
An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.
Aliases
Aliases
CVE-2022-0021
To clipboard 

{
  "GSD": {
    "alias": "CVE-2022-0021",
    "description": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.",
    "id": "GSD-2022-0021"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-0021"
      ],
      "details": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.",
      "id": "GSD-2022-0021",
      "modified": "2023-12-13T01:19:11.596075Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@paloaltonetworks.com",
        "DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
        "ID": "CVE-2022-0021",
        "STATE": "PUBLIC",
        "TITLE": "GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GlobalProtect App",
                    "version": {
                      "version_data": [
                        {
                          "platform": "Windows",
                          "version_affected": "\u003c",
                          "version_name": "5.2",
                          "version_value": "5.2.9"
                        },
                        {
                          "platform": "Windows",
                          "version_affected": "!\u003e=",
                          "version_name": "5.2",
                          "version_value": "5.2.9"
                        },
                        {
                          "version_affected": "!",
                          "version_name": "5.1",
                          "version_value": "5.1.*"
                        },
                        {
                          "version_affected": "!",
                          "version_name": "5.3",
                          "version_value": "5.3.*"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Palo Alto Networks"
            }
          ]
        }
      },
      "configuration": [
        {
          "lang": "eng",
          "value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
        }
      ],
      "credit": [
        {
          "lang": "eng",
          "value": "This issue was found by Rutger Truyers of Palo Alto Networks during internal security review."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-532 Information Exposure Through Log Files"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security.paloaltonetworks.com/CVE-2022-0021",
            "refsource": "MISC",
            "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and all later GlobalProtect app versions."
        }
      ],
      "source": {
        "defect": [
          "GPC-13888"
        ],
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "eng",
          "time": "2022-02-09T17:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "work_around": [
        {
          "lang": "eng",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_advisoryEoL": true,
      "x_affectedList": [
        "GlobalProtect App 5.2.8",
        "GlobalProtect App 5.2.7",
        "GlobalProtect App 5.2.6",
        "GlobalProtect App 5.2.5",
        "GlobalProtect App 5.2.4",
        "GlobalProtect App 5.2.3",
        "GlobalProtect App 5.2.2",
        "GlobalProtect App 5.2.1",
        "GlobalProtect App 5.2.0",
        "GlobalProtect App 5.2"
      ],
      "x_likelyAffectedList": [
        "GlobalProtect App 5.0.10",
        "GlobalProtect App 5.0.9",
        "GlobalProtect App 5.0.8",
        "GlobalProtect App 5.0.7",
        "GlobalProtect App 5.0.6",
        "GlobalProtect App 5.0.5",
        "GlobalProtect App 5.0.4",
        "GlobalProtect App 5.0.3",
        "GlobalProtect App 5.0.2",
        "GlobalProtect App 5.0.1",
        "GlobalProtect App 5.0.0",
        "GlobalProtect App 5.0",
        "GlobalProtect App 4.1.13",
        "GlobalProtect App 4.1.12",
        "GlobalProtect App 4.1.11",
        "GlobalProtect App 4.1.10",
        "GlobalProtect App 4.1.9",
        "GlobalProtect App 4.1.8",
        "GlobalProtect App 4.1.7",
        "GlobalProtect App 4.1.6",
        "GlobalProtect App 4.1.5",
        "GlobalProtect App 4.1.4",
        "GlobalProtect App 4.1.3",
        "GlobalProtect App 4.1.2",
        "GlobalProtect App 4.1.1",
        "GlobalProtect App 4.1.0",
        "GlobalProtect App 4.1",
        "GlobalProtect App 4.0.8",
        "GlobalProtect App 4.0.7",
        "GlobalProtect App 4.0.6",
        "GlobalProtect App 4.0.5",
        "GlobalProtect App 4.0.4",
        "GlobalProtect App 4.0.3",
        "GlobalProtect App 4.0.2",
        "GlobalProtect App 4.0.0",
        "GlobalProtect App 4.0",
        "GlobalProtect App 3.1.6",
        "GlobalProtect App 3.1.5",
        "GlobalProtect App 3.1.4",
        "GlobalProtect App 3.1.3",
        "GlobalProtect App 3.1.1",
        "GlobalProtect App 3.1.0",
        "GlobalProtect App 3.1",
        "GlobalProtect App 3.0.3",
        "GlobalProtect App 3.0.2",
        "GlobalProtect App 3.0.1",
        "GlobalProtect App 3.0.0",
        "GlobalProtect App 3.0",
        "GlobalProtect App 2.3.5",
        "GlobalProtect App 2.3.4",
        "GlobalProtect App 2.3.3",
        "GlobalProtect App 2.3.2",
        "GlobalProtect App 2.3.1",
        "GlobalProtect App 2.3.0",
        "GlobalProtect App 2.3",
        "GlobalProtect App 2.2.2",
        "GlobalProtect App 2.2.1",
        "GlobalProtect App 2.2.0",
        "GlobalProtect App 2.2",
        "GlobalProtect App 2.1.4",
        "GlobalProtect App 2.1.3",
        "GlobalProtect App 2.1.2",
        "GlobalProtect App 2.1.1",
        "GlobalProtect App 2.1.0",
        "GlobalProtect App 2.1",
        "GlobalProtect App 2.0.5",
        "GlobalProtect App 2.0.4",
        "GlobalProtect App 2.0.3",
        "GlobalProtect App 2.0.2",
        "GlobalProtect App 2.0.1",
        "GlobalProtect App 2.0.0",
        "GlobalProtect App 2.0",
        "GlobalProtect App 1.2.11",
        "GlobalProtect App 1.2.10",
        "GlobalProtect App 1.2.9",
        "GlobalProtect App 1.2.8",
        "GlobalProtect App 1.2.7",
        "GlobalProtect App 1.2.6",
        "GlobalProtect App 1.2.5",
        "GlobalProtect App 1.2.4",
        "GlobalProtect App 1.2.3",
        "GlobalProtect App 1.2.2",
        "GlobalProtect App 1.2.1",
        "GlobalProtect App 1.2.0",
        "GlobalProtect App 1.2",
        "GlobalProtect App 1.1.8",
        "GlobalProtect App 1.1.7",
        "GlobalProtect App 1.1.6",
        "GlobalProtect App 1.1.5",
        "GlobalProtect App 1.1.4",
        "GlobalProtect App 1.1.3",
        "GlobalProtect App 1.1.2",
        "GlobalProtect App 1.1.1",
        "GlobalProtect App 1.1.0",
        "GlobalProtect App 1.1",
        "GlobalProtect App 1.0.8",
        "GlobalProtect App 1.0.7",
        "GlobalProtect App 1.0.5",
        "GlobalProtect App 1.0.3",
        "GlobalProtect App 1.0.1",
        "GlobalProtect App 1.0"
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.2.9",
                    "versionStartIncluding": "5.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "ID": "CVE-2022-0021"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-532"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2022-0021"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-02-17T16:01Z",
      "publishedDate": "2022-02-10T18:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.