CVE-2020-2033
published 2020-06-10CVE-2020-2033: When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication…
PriorityP426medium5.3CVSS 3.1
AVAACHPRNUINSUCHINAN
EPSS
0.76%
50.8th percentile
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | globalprotect_app | >= 5.0 < 5.0.10 | 5.0.10 |
| palo_alto_networks | globalprotect_app | >= 5.1 < 5.1.4 | 5.1.4 |
| paloalto | globalprotect_app | — | — |
| paloaltonetworks | globalprotect | >= 5.0.0 < 5.0.10 | 5.0.10 |
| paloaltonetworks | globalprotect | >= 5.1.0 < 5.1.4 | 5.1.4 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.9LOWAV:A/AC:M/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8p7q-qxxf-h3cm: When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentic
ghsa_unreviewed·2022-05-24
CVE-2020-2033 [LOW] GHSA-8p7q-qxxf-h3cm: When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentic
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled.
Palo Alto
GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
vendor_paloalto·2020-06-10·CVSS 5.3
CVE-2020-2033 [MEDIUM] CWE-290 GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users.
Affected products: GlobalProtect App
Solution: This issue is fixed in GlobalProtect app 5.0.10, GlobalProtect app 5.1.4, and all later GlobalProtect app versions.
Workaround: The i
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-12395 Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
bugzilla·2020-05-05·CVSS 9.8
CVE-2020-12395 [CRITICAL] CVE-2020-12395 Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
CVE-2020-12395 Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Alexandru Michis, Jason Kratzer, philipp, Ted Campbell, Bas Schouten, André Bargull, Karl Tomlinson
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:2033 https://access.redhat.com/er
Bugzilla
CVE-2020-12392 Mozilla: Arbitrary local file access with 'Copy as cURL'
bugzilla·2020-05-05·CVSS 5.5
CVE-2020-12392 [MEDIUM] CVE-2020-12392 Mozilla: Arbitrary local file access with 'Copy as cURL'
CVE-2020-12392 Mozilla: Arbitrary local file access with 'Copy as cURL'
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392
Discussion:
Acknowledgments:
Name: the Mozilla project
Upstream: Ophir LOJKINE
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:2033 https://access.redhat.com/errata/RHSA-2020:2033
---
This issue has been addressed in the following products
2020-06-10
Published