Lucene search

K
cve[email protected]CVE-2020-1989
HistoryApr 08, 2020 - 7:15 p.m.

CVE-2020-1989

2020-04-0819:15:13
CWE-266
CWE-269
web.nvd.nist.gov
21
cve-2020-1989
palo alto networks
global protect agent
linux
vulnerability
root privileges

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1.

Affected configurations

NVD
Node
paloaltonetworksglobalprotectRange5.05.0.8linux
OR
paloaltonetworksglobalprotectRange5.15.1.1linux

CNA Affected

[
  {
    "platforms": [
      "Linux ARM"
    ],
    "product": "Global Protect Agent",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "5.0.8",
            "status": "unaffected"
          }
        ],
        "lessThan": "5.0.8",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "5.1.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "5.1.1",
        "status": "affected",
        "version": "5.1",
        "versionType": "custom"
      }
    ]
  }
]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

Related for CVE-2020-1989