Information Disclosure in GlobalProtect Agent
CVE-2019-1573

2.5 LOW

Key Information:

Vendor
CVE Published: 9 April 2019

Summary

GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.

Affected Version(s)

GlobalProtect Agent OS X 4.1.11 < 4.1*

GlobalProtect Agent Windows 4.1 <= 4.1.0

CVSS V3.1

Score: 2.5
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
