Palo Alto GlobalProtect App vulnerabilities
45 known vulnerabilities affecting paloalto/globalprotect_app.
Total CVEs: 45
CISA KEV: 3 (actively exploited)
Public exploits: 4
Exploited in wild: 3
Severity breakdown: CRITICAL 3, HIGH 17, MEDIUM 22, LOW 3
Vulnerabilities
Page 1 of 3
CVE-2024-9473 | MEDIUM | CVSS 5.2 | 2024-10-09
CVE-2024-9473 [MEDIUM] CWE-250 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.
Affected products: GlobalProte
CVE-2024-47076 | HIGH | CVSS 8.6 | 2024-09-26
CVE-2024-47076 [HIGH] CWE-78 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products.
Based on current information, Palo Alto Networks products and cloud services do not contain affecte
CVE-2024-8687 | MEDIUM | CVSS 6.9 | 2024-09-11
CVE-2024-8687 [MEDIUM] CWE-497 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if t
CVE-2024-5915 | MEDIUM | CVSS 5.2 | 2024-08-14
CVE-2024-5915 [MEDIUM] CWE-732 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.
Affected products: GlobalProtect App
Solution: This issue is fixed in GlobalProtect app 5.1.x (ETA: December 2024), GlobalProtect app 6.0.10-c826, GlobalProtect app
CVE-2024-5908 | MEDIUM | CVSS 5.5 | 2024-06-12
CVE-2024-5908 [MEDIUM] CWE-532 GlobalProtect App: Encrypted Credential Exposure via Log Files
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credent
CVE-2024-3661 | HIGH | CVSS 7.6 | 2024-05-16
CVE-2024-3661 [HIGH] CWE-306 Impact of TunnelVision Vulnerability
The Palo Alto Networks Product Security Assurance team has evaluated the TunnelVision vulnerability as it relates to our products. This issue allows an attacker with the ability to send DHCP messages on the same local area network, such as a rogue Wi-Fi network, to leak traffic outside of the GlobalProtect tunnel, allowing the attacker to read, disrupt, or possibly modify network traffic that
CVE-2024-3094 | CRITICAL | CVSS 10.0 | PoC | 2024-04-01
CVE-2024-3094 [CRITICAL] CWE-506 Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094)
The Palo Alto Networks Product Security Assurance team has evaluated the supply chain compromise impacting versions 5.6.0 and 5.6.1 of XZ tools and libraries. These versions of the software may allow unauthorized access to affected systems.
Based on the information presently known, Palo Alto Networks
CVE-2024-2432 | HIGH | CVSS 7.0 | 2024-03-13
CVE-2024-2432 [HIGH] CWE-269 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.
Affected products: GlobalProtect App
Solution: This issue is fixed i
CVE-2024-2431 | MEDIUM | CVSS 5.5 | 2024-03-13
CVE-2024-2431 [MEDIUM] CWE-269 GlobalProtect App: Local User Can Disable GlobalProtect
An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app without needing the passcode in configurations that allow a user to disable GlobalProtect with a passcode.
Affected products: GlobalProtect App
Solution: This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalPro
CVE-2023-44487 | HIGH | CVSS 7.5 | KEV | PoC | 2023-10-11
CVE-2023-44487 [HIGH] CWE-400 Impact of Rapid Reset and HTTP/2 DoS Vulnerabilities (CVE-2023-44487, CVE-2023-35945)
The Palo Alto Networks Product Security Assurance team is evaluating the recently disclosed denial-of-service (DoS) vulnerabilities in the HTTP/2 protocol including Rapid Reset (CVE-2023-44487) and CVE-2023-35945.
If HTTP/2 inspection is enabled in PAN-OS, an ongoing distributed denial-of-servic
CVE-2023-0009 | HIGH | CVSS 7.8 | 2023-06-14
CVE-2023-0009 [HIGH] CWE-807 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.
Affected products: GlobalProtect App
Solution: This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.5, GlobalProtect app 6.1
CVE-2023-0006 | MEDIUM | CVSS 6.3 | 2023-04-12
CVE-2023-0006 [MEDIUM] CWE-367 GlobalProtect App: Local File Deletion Vulnerability
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.
Affected products: GlobalProtect App
Solution: This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalP
CVE-2022-22963 | CRITICAL | CVSS 9.8 | KEV | PoC | 2022-03-31
CVE-2022-22963 [CRITICAL] CWE-497 Informational: Impact of Spring Vulnerabilities CVE-2022-22963 and CVE-2022-22965
The Palo Alto Networks Product Security Assurance team has completed its evaluation of the Spring Cloud Function vulnerability CVE-2022-22963 and Spring Core vulnerability CVE-2022-22965 for all products and services. All Palo Alto Networks cloud services with possible impact have been mitigated and
CVE-2022-0778 | HIGH | CVSS 7.5 | 2022-03-31
CVE-2022-0778 [HIGH] CWE-834 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778
The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSL infinite loop vulnerability (CVE-2022-0778) as it relates to our products.
This vulnerability causes the OpenSSL library to enter an infinite loop when parsing an invalid certificate and can result in a Denial-of-Service (DoS) to the application. An attacker d
CVE-2022-0017 | HIGH | CVSS 7.8 | 2022-02-09
CVE-2022-0017 [HIGH] CWE-59 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circums
CVE-2022-0016 | HIGH | CVSS 7.8 | 2022-02-09
CVE-2022-0016 [HIGH] CWE-703 GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon With SAML Authentication
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app when the feature is configured to use SAML authentication that enables a local attacker to escal
CVE-2022-0021 | MEDIUM | CVSS 5.5 | 2022-02-09
CVE-2022-0021 [MEDIUM] CWE-532 GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon
An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature.
Affected products: GlobalProtect App
Solution:
CVE-2022-0019 | MEDIUM | CVSS 5.5 | 2022-02-09
CVE-2022-0019 [MEDIUM] CWE-522 GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system.
The exposed credentials enable
CVE-2022-0018 | MEDIUM | CVSS 6.5 | 2022-02-09
CVE-2022-0018 [MEDIUM] CWE-201 GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On featu
CVE-2021-44228 | CRITICAL | CVSS 10.0 | KEV | PoC | 2021-12-10
CVE-2021-44228 [CRITICAL] CWE-94 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832
Apache Log4j Java library is vulnerable to a remote code execution vulnerability CVE-2021-44228, known as Log4Shell, and related vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832. Log4Shell allows remote unauthenticated attackers with the ability to i