Global Protect Agent: VPN cookie local information disclosure
CVE-2020-1987

3.9LOW

Key Information:

Vendor: Palo Alto Networks
Status: Global Protect Agent
Vendor: CVE Published:; 8 April 2020

🔔 Create Palo Alto Networks Vulnerability Alert

What is CVE-2020-1987?

An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Global Protect Agent 5.0 < 5.0.9

Global Protect Agent 5.1 < 5.1.1

References

https://security.paloaltonetworks.com/CVE-2020-1987

x_refsource_MISC

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2020
Vulnerability Reserved
Dec 4, 2019

Credit

Palo Alto Networks thanks Ahmet Hrnjadovic for discovering and reporting this issue.

JSON

Palo Alto Networks