CVE-2020-2033

🗓️ 10 Jun 2020 17:29:41Reported by palo_altoType

Missing certification validation in Palo Alto Networks GlobalProtect app can disclose pre-logon authentication cookie to man-in-the-middle attacker on the same local area network segment

Reporter	Title	Published	Views	Family All 8
CNVD	Palo Alto Networks GlobalProtect Trust Management Issues Vulnerability	11 Jun 202000:00	–	cnvd
Cvelist	CVE-2020-2033 GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie	10 Jun 202017:29	–	cvelist
EUVD	EUVD-2020-22059	7 Oct 202500:30	–	euvd
NVD	CVE-2020-2033	10 Jun 202018:15	–	nvd
OSV	CVE-2020-2033	10 Jun 202018:15	–	osv
Palo Alto Networks	GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie	10 Jun 202016:00	–	paloalto
Tenable Nessus	Palo Alto GlobalProtect Agent 5.0.x < 5.0.10 / 5.1.x < 5.1.4 Missing Certificate Validation	18 Jun 202000:00	–	nessus
Prion	Design/Logic Flaw	10 Jun 202018:15	–	prion

NVD

Vulners

Node

paloaltonetworks globalprotectRange5.0.0–5.0.10windows

paloaltonetworks globalprotectRange5.1.0–5.1.4windows

[
  {
    "product": "GlobalProtect App",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "5.1.4",
            "status": "unaffected"
          }
        ],
        "lessThan": "5.1.4",
        "status": "affected",
        "version": "5.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "5.0.10",
            "status": "unaffected"
          }
        ],
        "lessThan": "5.0.10",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.paloaltonetworks.com/CVE-2020-2033

21 Nov 2024 05:24Current

5.1Medium risk

Vulners AI Score5.1

CVSS 22.9

CVSS 3.15.3

EPSS0.00115