GlobalProtect Information Exposure Vulnerability
CVE-2024-8687

7.1HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Pan-os; Globalprotect App; Cloud Ngfw; Prisma Access
Vendor: CVE Published:; 11 September 2024

Summary

An information exposure vulnerability has been identified within Palo Alto Networks' PAN-OS software that allows a GlobalProtect end user to gain access to sensitive security credentials. This flaw permits the user to retrieve both the GlobalProtect uninstall password and the disable or disconnect passcode. With this information, users can potentially uninstall, disable, or disconnect the GlobalProtect VPN application, bypassing the intended application security settings that would usually prevent such actions.

Affected Version(s)

GlobalProtect App 5.1.0 < 5.1.12

GlobalProtect App 5.2.0 < 5.2.13

GlobalProtect App 6.0.0 < 6.0.7

References

https://security.paloaltonetworks.com/CVE-2024-8687

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 11, 2024
Vulnerability Reserved
Sep 11, 2024

Credit

Claudiu Pancotan