GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon
CVE-2022-0021

3.3LOW

Key Information:

Vendor: Palo Alto Networks
Status: Globalprotect App
Vendor: CVE Published:; 9 February 2022

Badges

👾 Exploit Exists

Summary

An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.

Affected Version(s)

GlobalProtect App Windows 5.2 < 5.2.9

GlobalProtect App 5.1.*

GlobalProtect App 5.3.*

References

https://security.paloaltonetworks.com/CVE-2022-0021

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Sep 16, 2024
Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Dec 28, 2021

Credit

This issue was found by Rutger Truyers of Palo Alto Networks during internal security review.