CVE-2022-0016
Published 2022-02-10
Priority: P339 · high · CVSS 3.1: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.21% (10.7th percentile)
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | globalprotect_app | >= 5.2 < 5.2.9 | 5.2.9 |
| paloalto | globalprotect_app | — | — |
| paloaltonetworks | globalprotect | >= 5.2 < 5.2.9 | 5.2.9 |
CVSS provenance
nvd · v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.9 · MEDIUM · AV:L/AC:M/Au:N/C:C/I:C/A:C
cisa · 7.8 · HIGH
GHSA
GHSA-mrwh-mjvv-r5vh: An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect ap
ghsa_unreviewed·2022-02-11
CVE-2022-0016 [HIGH] CWE-755 GHSA-mrwh-mjvv-r5vh: An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect ap
VMware
VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166)
vendor_vmware·2022-06-14·CVSS 5.5
CVE-2022-21123 [MEDIUM] VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166)
VMSA-2022-0016: VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166)
VMware ESXi contains information leak vulnerabilities when DirectPath I/O (PCI-Passthrough) is utilized. VMware has evaluated the severity of these issues to be in the Low severity range with a maximum CVSSv3 base score of 3.8.
CVEs: CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
Affected products: VMware Cloud Foundation, VMware ESXi, VMware vSphere
CISA
Microsoft Windows TS WebProxy Directory Traversal Vulnerability
cisa·2022-05-25·CVSS 7.8
CVE-2015-0016 [HIGH] CWE-22 Microsoft Windows TS WebProxy Directory Traversal Vulnerability
Vulnerability: Microsoft Windows TS WebProxy Directory Traversal Vulnerability
Affected: Microsoft Windows
Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-0016
Remediation Due Date: 2022-06-15
Palo Alto
GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon With SAML Authentication
vendor_paloalto·2022-02-09·CVSS 7.8
CVE-2022-0016 [HIGH] CWE-703 GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon With SAML Authentication
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app when the feature is configured to use SAML authentication that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances.
Affected products: GlobalProtect App
Solution: This issue is fixed in GlobalProtect app 5.2.9 on Windows and MacOS, and all later GlobalProtect app versions.
Workaround: Using non-SAML authentication methods in the GlobalProtect Connect Before Logon feature removes the impact of this issue.
More information on Connect Before
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.