Unrated severityNVD Advisory· Published May 13, 2020· Updated Sep 17, 2024
PAN-OS: GlobalProtect Clientless VPN session hijacking
CVE-2020-2005
Description
A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <7.1.26, <8.1.13, <9.0.7, all 8.0
<7.1.26, <8.1.13, <9.0.7, all 8.0+ 1 more
- (no CPE)range: <7.1.26, <8.1.13, <9.0.7, all 8.0
- (no CPE)range: 8.0.*
Patches
Vulnerability mechanics
References
1- security.paloaltonetworks.com/CVE-2020-2005mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.