CVE-2020-1976 — External Control of Critical State Data in Palo Alto Networks Globalprotect

CWE-642 — External Control of Critical State Data CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.5MEDIUMNVD

CNA4.7

EPSS

0.1%

top 68.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Globalprotect Paloaltonetworks Globalprotect Paloalto Globalprotect APP

Timeline

PublishedFeb 12

Latest updateMay 24

Description

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDpaloaltonetworks/globalprotect5.0 — 5.0.5

▶CVEListV5palo_alto_networks/globalprotect5.0 — 5.0.5

▶Palo Altopaloalto/globalprotect_app

🔴Vulnerability Details

GHSA

GHSA-9x5h-34f3-92qm: A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the M↗2022-05-24

▶

CVEList

GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.↗2020-02-12

▶

📋Vendor Advisories

Palo Alto

GlobalProtect App: Local denial-of-service (DoS) vulnerability on MacOS↗2020-02-12

▶