CVE-2022-0019 — Insufficiently Protected Credentials in Palo Alto Networks Globalprotect APP

CWE-522 — Insufficiently Protected Credentials5 documents5 sources

Severity

5.5MEDIUMNVD

CNA4.7

EPSS

0.0%

top 88.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Globalprotect APP Paloaltonetworks Globalprotect Paloalto Globalprotect APP

Timeline

PublishedFeb 10

Latest updateJul 12

Description

An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 v…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDpaloaltonetworks/globalprotect5.1 — 5.1.10+2

▶CVEListV5palo_alto_networks/globalprotect_app5.3 — 5.3.2+2

▶Palo Altopaloalto/globalprotect_app

🔴Vulnerability Details

GHSA

GHSA-w348-j94x-qjh2: An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials↗2022-02-11

▶

CVEList

GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux↗2022-02-10

▶

📋Vendor Advisories

VMware

VMware vRealize Log Insight contains multiple stored cross-site scripting vulnerabilities↗2022-07-12

▶

Palo Alto

GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux↗2022-02-09

▶