cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5921,https://securityvulnerability.io/vulnerability/CVE-2024-5921,Insufficient Certification Validation in Palo Alto Networks GlobalProtect Application,"Two critical vulnerabilities were discovered in the Palo Alto Networks GlobalProtect VPN app and the SonicWall SMA100 NetExtender VPN client for Windows. The vulnerability in the GlobalProtect app allows attackers to install malicious code with elevated privileges, while the vulnerability in the SonicWall client enables remote code execution with system privileges. Both vulnerabilities require the victim to connect to a malicious VPN server, which can be achieved through social engineering. The impact of these vulnerabilities is severe, and researchers have developed tools to demonstrate the attack methods. Mitigations and patches have been released for these vulnerabilities, but it is important for organizations to promptly address the issue to prevent potential exploitation.",Palo Alto Networks,"Globalprotect App,Globalprotect UWP App,Globalprotect iOS App",,,0.00044999999227002263,false,true,false,true,true,false,false,2024-11-27T03:50:13.596Z,0
CVE-2024-9473,https://securityvulnerability.io/vulnerability/CVE-2024-9473,Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect for Windows,"The GlobalProtect application developed by Palo Alto Networks is susceptible to a privilege escalation vulnerability affecting Windows environments. This flaw allows a locally authenticated user without administrative rights to escalate their privileges to that of NT AUTHORITY/SYSTEM through the exploit of the application's repair functionality via its .msi installer. Such a vulnerability poses risks as it could enable unauthorized control over system settings, data, and operational capabilities. Organizations using the GlobalProtect app on Windows should ensure proper updates and configurations are applied to mitigate potential exploitation.",Palo Alto Networks,Globalprotect App,7.8,HIGH,0.0004299999854993075,false,false,false,true,true,false,false,2024-10-09T17:15:00.000Z,0
CVE-2024-8687,https://securityvulnerability.io/vulnerability/CVE-2024-8687,GlobalProtect Information Exposure Vulnerability,"An information exposure vulnerability has been identified within Palo Alto Networks' PAN-OS software that allows a GlobalProtect end user to gain access to sensitive security credentials. This flaw permits the user to retrieve both the GlobalProtect uninstall password and the disable or disconnect passcode. With this information, users can potentially uninstall, disable, or disconnect the GlobalProtect VPN application, bypassing the intended application security settings that would usually prevent such actions.",Palo Alto Networks,"Pan-os,Globalprotect App,Cloud Ngfw,Prisma Access",7.1,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-09-11T16:40:21.066Z,0
CVE-2024-5915,https://securityvulnerability.io/vulnerability/CVE-2024-5915,Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability Allows Local User Elevated Access,"The vulnerability identified in the Palo Alto Networks GlobalProtect application allows a local user on Windows devices to elevate their privileges. This flaw could potentially enable unauthorized actions by executing programs with elevated privileges, which may compromise the security of the affected system. Immediate remediation is recommended for users to ensure their systems remain protected against exploitation of this vulnerability.",Palo Alto Networks,Globalprotect App,7.8,HIGH,0.0004299999854993075,false,true,false,true,,false,false,2024-08-14T17:15:00.000Z,0
CVE-2024-5908,https://securityvulnerability.io/vulnerability/CVE-2024-5908,Encrypted User Credentials Exposed in Application Logs,"A security concern has been identified within the Palo Alto Networks GlobalProtect application. This issue allows for the exposure of encrypted user credentials within application logs that, while generally accessible only to local users, can compromise sensitive information when logs are shared for troubleshooting. Such logs can potentially be viewed by unintended recipients, posing risks to user privacy and data security. It is crucial for organizations using the GlobalProtect application to implement recommended measures to mitigate exposure and protect sensitive user credentials.",Palo Alto Networks,Globalprotect App,7.5,HIGH,0.0008699999889358878,false,false,false,true,,false,false,2024-06-12T17:15:00.000Z,0
CVE-2024-2432,https://securityvulnerability.io/vulnerability/CVE-2024-2432,Palo Alto Networks GlobalProtect Privilege Escalation Vulnerability,The vulnerability identified as CVE-2024-2432 is a privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices. It allows a local user to execute programs with elevated privileges by exploiting a race condition. The severity of the vulnerability is rated as MEDIUM and Palo Alto Networks has fixed the issue in affected versions. There are no known exploitations of this vulnerability in the wild at this time.,Palo Alto Networks,Globalprotect App,4.5,MEDIUM,0.0004299999854993075,false,true,false,false,,false,false,2024-03-13T17:51:33.908Z,0
CVE-2024-2431,https://securityvulnerability.io/vulnerability/CVE-2024-2431,Non-Privileged User Disables GlobalProtect App in Configurations Allowing Passcode Disablement,"A vulnerability exists within the Palo Alto Networks GlobalProtect app that permits a non-privileged user to disable the application under specific configurations that allow such actions using a passcode. This could lead to unauthorized access and security bypass, posing a significant risk to network integrity. Organizations leveraging GlobalProtect for secure network access should assess the impact of this issue on their system configurations and take the necessary precautions to mitigate any potential risks.",Palo Alto Networks,Globalprotect App,5.5,MEDIUM,0.0004299999854993075,false,false,false,true,,false,false,2024-03-13T17:51:17.735Z,0
CVE-2023-0009,https://securityvulnerability.io/vulnerability/CVE-2023-0009,GlobalProtect App: Local Privilege Escalation (PE) Vulnerability,"A local privilege escalation vulnerability has been identified in the Palo Alto Networks GlobalProtect app for Windows. This security flaw allows a local user to execute programs with elevated privileges, potentially compromising system integrity and escalating access levels. Users are advised to update to the latest version to mitigate risks associated with this vulnerability.",Palo Alto Networks,Globalprotect App,7.8,HIGH,0.0004199999966658652,false,false,false,true,,false,false,2023-06-14T17:15:00.000Z,0
CVE-2023-0006,https://securityvulnerability.io/vulnerability/CVE-2023-0006,GlobalProtect App: Local File Deletion Vulnerability,A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.,Palo Alto Networks,Globalprotect App,6.3,MEDIUM,0.0004199999966658652,false,false,false,true,,false,false,2023-04-12T17:15:00.000Z,0
CVE-2022-0019,https://securityvulnerability.io/vulnerability/CVE-2022-0019,GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux,An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.,Palo Alto Networks,Globalprotect App,4.7,MEDIUM,0.0004199999966658652,false,false,false,true,,false,false,2022-02-10T18:15:00.000Z,0
CVE-2022-0018,https://securityvulnerability.io/vulnerability/CVE-2022-0018,GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled,"An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user's local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms.",Palo Alto Networks,GlobalProtect App,6.5,MEDIUM,0.001230000052601099,false,false,false,false,,false,false,2022-02-10T18:15:00.000Z,0
CVE-2022-0017,https://securityvulnerability.io/vulnerability/CVE-2022-0017,GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation,An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms.,Palo Alto Networks,Globalprotect App,7,HIGH,0.0004199999966658652,false,false,false,true,,false,false,2022-02-09T00:00:00.000Z,0
CVE-2022-0016,https://securityvulnerability.io/vulnerability/CVE-2022-0016,GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon,An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.,Palo Alto Networks,Globalprotect App,7.4,HIGH,0.0004199999966658652,false,false,false,true,,false,false,2022-02-09T00:00:00.000Z,0
CVE-2022-0021,https://securityvulnerability.io/vulnerability/CVE-2022-0021,GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon,An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.,Palo Alto Networks,Globalprotect App,3.3,LOW,0.0004400000034365803,false,false,false,true,,false,false,2022-02-09T00:00:00.000Z,0
CVE-2021-3057,https://securityvulnerability.io/vulnerability/CVE-2021-3057,GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway,A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux.,Palo Alto Networks,Globalprotect App,8.1,HIGH,0.0020099999383091927,false,false,false,true,,false,false,2021-10-13T00:00:00.000Z,0
CVE-2021-3038,https://securityvulnerability.io/vulnerability/CVE-2021-3038,GlobalProtect App: Windows VPN kernel driver denial of service (DoS),A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.8; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.4.,Palo Alto Networks,Globalprotect App,5.5,MEDIUM,0.0004400000034365803,false,false,false,true,,false,false,2021-04-14T00:00:00.000Z,0
CVE-2020-2032,https://securityvulnerability.io/vulnerability/CVE-2020-2032,GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade,A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows.,Palo Alto Networks,Globalprotect App,7,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2020-06-10T00:00:00.000Z,0
CVE-2020-2033,https://securityvulnerability.io/vulnerability/CVE-2020-2033,GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie,"When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled.",Palo Alto Networks,Globalprotect App,5.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-06-10T00:00:00.000Z,0
CVE-2020-2004,https://securityvulnerability.io/vulnerability/CVE-2020-2004,GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs,"Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) 'Save User Credential' option should be set to 'Yes' in the GlobalProtect Portal's Agent configuration, (2) the GlobalProtect user manually selects a gateway, (3) and the logging level is set to 'Dump' while collecting troubleshooting logs. This issue does not affect GlobalProtect app on other platforms (for example iOS/Android/Linux). This issue affects GlobalProtect app 5.0 versions earlier than 5.0.9, GlobalProtect app 5.1 versions earlier than 5.1.2 on Windows or MacOS. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the known GlobalProtectLogs zip files sent by customers with the credentials. We now filter and remove these credentials from all files sent to Customer Support. The GlobalProtectLogs zip files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials.",Palo Alto Networks,Globalprotect App,6.8,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2020-05-13T00:00:00.000Z,0