VYPR

Globalprotect

by Paloaltonetworks

CVEs (45)

  • CVE-2024-5921Nov 27, 2024
    risk 0.00cvss epss 0.01

    An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install…

  • CVE-2024-9473Oct 9, 2024
    risk 0.00cvss epss 0.00

    A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file…

  • CVE-2024-8687Sep 11, 2024
    risk 0.00cvss epss 0.00

    An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end…

  • CVE-2024-5915Aug 14, 2024
    risk 0.00cvss epss 0.00

    A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.

  • CVE-2024-5908Jun 12, 2024
    risk 0.00cvss epss 0.00

    A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for…

  • CVE-2024-2432Mar 13, 2024
    risk 0.00cvss epss 0.00

    A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

  • CVE-2024-2431Mar 13, 2024
    risk 0.00cvss epss 0.00

    An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.

  • CVE-2023-0009Jun 14, 2023
    risk 0.00cvss epss 0.00

    A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.

  • CVE-2023-0006Apr 12, 2023
    risk 0.00cvss epss 0.00

    A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.

  • CVE-2022-0021Feb 10, 2022
    risk 0.00cvss epss 0.00

    An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect…

  • CVE-2022-0019Feb 10, 2022
    risk 0.00cvss epss 0.00

    An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system.…

  • CVE-2022-0018Feb 10, 2022
    risk 0.00cvss epss 0.01

    An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal…

  • CVE-2022-0017Feb 10, 2022
    risk 0.00cvss epss 0.00

    An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain…

  • CVE-2022-0016Feb 10, 2022
    risk 0.00cvss epss 0.00

    An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under…

  • CVE-2021-3063Nov 10, 2021
    risk 0.00cvss epss 0.01

    An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service…

  • CVE-2021-3057Oct 13, 2021
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions…

  • CVE-2021-3038Apr 20, 2021
    risk 0.00cvss epss 0.00

    A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts:…

  • CVE-2020-2033Jun 10, 2020
    risk 0.00cvss epss 0.01

    When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to…

  • CVE-2020-2032Jun 10, 2020
    risk 0.00cvss epss 0.00

    A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0…

  • CVE-2020-2004May 13, 2020
    risk 0.00cvss epss 0.00

    Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions…