Globalprotect Security Vulnerabilities and Issues — Globalprotect CVE List

Lucene search

PaloaltonetworksGlobalprotect

7 matches found

CVE•added 2020/02/12 11:15 p.m.•79 views

CVE-2020-1976

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.

5.5CVSS4.8AI score0.00126EPSS

CVE•added 2020/05/13 7:15 p.m.•65 views

CVE-2020-2004

Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) 'S...

6.8CVSS5.8AI score0.00058EPSS

CVE•added 2020/04/08 7:15 p.m.•55 views

CVE-2020-1988

An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5....

7.2CVSS5.4AI score0.0013EPSS

CVE•added 2020/06/10 6:15 p.m.•51 views

CVE-2020-2032

A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier th...

7CVSS6.8AI score0.00098EPSS

CVE•added 2020/04/08 7:15 p.m.•47 views

CVE-2020-1987

An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions...

3.9CVSS3.5AI score0.00107EPSS

CVE•added 2020/06/10 6:15 p.m.•46 views

CVE-2020-2033

When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing att...

5.3CVSS5.1AI score0.00115EPSS

CVE•added 2020/04/08 7:15 p.m.•41 views

CVE-2020-1989

An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Li...

7.8CVSS7.2AI score0.00117EPSS