GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon

CVE-2022-0021

3.3LOW

Key Information

Vendor: Palo Alto Networks
Status: Globalprotect App
Vendor: CVE Published:; 9 February 2022

Badges

👾 Exploit Exists

Summary

An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.

Affected Version(s)

GlobalProtect App < 5.2.9

GlobalProtect App >= 5.1.*

GlobalProtect App >= 5.3.*

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 16, 2024
Risk change from: 5.5 to: 3.3 - (LOW)
Feb 22, 2024
Initial publication
Feb 9, 2022
Vulnerability published.
Feb 9, 2022
Vulnerability Reserved.
Dec 28, 2021

Collectors

NVD DatabaseMitre Database

Credit

This issue was found by Rutger Truyers of Palo Alto Networks during internal security review.