Lucene search

[email protected]NVD:CVE-2024-5908

HistoryJun 12, 2024 - 5:15 p.m.

CVE-2024-5908

2024-06-1217:15:53

CWE-532

[email protected]

web.nvd.nist.gov

palo alto networks

globalprotect

encrypted credentials

application logs

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.6%

JSON

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs.

Affected configurations

Nvd

Node

paloaltonetworksglobalprotectRange5.1–5.1.12

paloaltonetworksglobalprotectRange6.0–6.0.8

paloaltonetworksglobalprotectRange6.1–6.1.3

paloaltonetworksglobalprotectRange6.2–6.2.3

VendorProductVersionCPE
paloaltonetworksglobalprotect*cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
paloaltonetworks	globalprotect	*	cpe:2.3:a:paloaltonetworks:globalprotect::::::::

References

security.paloaltonetworks.com/CVE-2024-5908

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.6%

JSON

Related for NVD:CVE-2024-5908

nessus1 vulnrichment1 cve1 cvelist1 paloalto1