Vulnerabilites related to Palo Alto Networks - Global Protect Agent
cve-2020-1989
Vulnerability from cvelistv5
Published
2020-04-08 18:41
Modified
2024-09-16 19:14
Severity ?
EPSS score ?
Summary
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2020-1989 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Global Protect Agent |
Version: 5.0 < 5.0.8 Version: 5.1 < 5.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux ARM"
],
"product": "Global Protect Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.0.8",
"status": "unaffected"
}
],
"lessThan": "5.0.8",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.1.1",
"status": "unaffected"
}
],
"lessThan": "5.1.1",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T18:41:58",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1989"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Global Protect Agent 5.0.8, Global Protect Agent 5.1.1 and all later versions."
}
],
"source": {
"defect": [
"GPC-9358"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-04-08T00:00:00",
"value": "Initial publication"
}
],
"title": "Global Protect Agent: Incorrect privilege assignment allows local privilege escalation",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1989",
"STATE": "PUBLIC",
"TITLE": "Global Protect Agent: Incorrect privilege assignment allows local privilege escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Global Protect Agent",
"version": {
"version_data": [
{
"platform": "Linux ARM",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.8"
},
{
"platform": "Linux ARM",
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.1"
},
{
"platform": "Linux ARM",
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.8"
},
{
"platform": "Linux ARM",
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.1"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266 Incorrect Privilege Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-1989",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1989"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Global Protect Agent 5.0.8, Global Protect Agent 5.1.1 and all later versions."
}
],
"source": {
"defect": [
"GPC-9358"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-04-08T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-1989",
"datePublished": "2020-04-08T18:41:58.456857Z",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-09-16T19:14:44.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1988
Vulnerability from cvelistv5
Published
2020-04-08 18:41
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2020-1988 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Global Protect Agent |
Version: 5.0 < 5.0.5 Version: 4.1 < 4.1.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Global Protect Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.0.5",
"status": "unaffected"
}
],
"lessThan": "5.0.5",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "4.1.13",
"status": "unaffected"
}
],
"lessThan": "4.1.13",
"status": "affected",
"version": "4.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue only affects Windows systems where local users are configured with file creation privileges to the root of the OS disk (C:\\) or \u0027Program Files\u0027 directory."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Ratnesh Pandey of Bromium and Matthew Batten for discovering and reporting this issue."
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T18:41:58",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1988"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Global Protect Agent 5.0.5, Global Protect Agent 4.1.13 and all later versions."
}
],
"source": {
"defect": [
"GPC-9320"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-04-08T00:00:00",
"value": "Initial publication"
}
],
"title": "Global Protect Agent: Local privilege escalation due to an unquoted search path vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Do not grant file creation privileges on the root of the OS disk (C:\\) or \u0027Program Files\u0027 directory to unprivileged users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1988",
"STATE": "PUBLIC",
"TITLE": "Global Protect Agent: Local privilege escalation due to an unquoted search path vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Global Protect Agent",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.5"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "4.1",
"version_value": "4.1.13"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.5"
},
{
"platform": "Windows",
"version_affected": "!\u003e=",
"version_name": "4.1",
"version_value": "4.1.13"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue only affects Windows systems where local users are configured with file creation privileges to the root of the OS disk (C:\\) or \u0027Program Files\u0027 directory."
}
],
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Ratnesh Pandey of Bromium and Matthew Batten for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-1988",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1988"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Global Protect Agent 5.0.5, Global Protect Agent 4.1.13 and all later versions."
}
],
"source": {
"defect": [
"GPC-9320"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-04-08T00:00:00",
"value": "Initial publication"
}
],
"work_around": [
{
"lang": "en",
"value": "Do not grant file creation privileges on the root of the OS disk (C:\\) or \u0027Program Files\u0027 directory to unprivileged users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-1988",
"datePublished": "2020-04-08T18:41:58.415618Z",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-09-16T18:03:55.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1987
Vulnerability from cvelistv5
Published
2020-04-08 18:41
Modified
2024-09-16 19:14
Severity ?
EPSS score ?
Summary
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2020-1987 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Global Protect Agent |
Version: 5.0 < 5.0.9 Version: 5.1 < 5.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1987"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Global Protect Agent",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "5.0.9",
"status": "unaffected"
}
],
"lessThan": "5.0.9",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "5.1.1",
"status": "unaffected"
}
],
"lessThan": "5.1.1",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Ahmet Hrnjadovic for discovering and reporting this issue."
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to \"Dump\". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T18:41:58",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.paloaltonetworks.com/CVE-2020-1987"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed in Global Protect Agent 5.0.9, Global Protect Agent 5.1.1 and all later versions."
}
],
"source": {
"defect": [
"GPC-9393"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-04-08T00:00:00",
"value": "Initial publication"
}
],
"title": "Global Protect Agent: VPN cookie local information disclosure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1987",
"STATE": "PUBLIC",
"TITLE": "Global Protect Agent: VPN cookie local information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Global Protect Agent",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.9"
},
{
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.1"
},
{
"version_affected": "!\u003e=",
"version_name": "5.0",
"version_value": "5.0.9"
},
{
"version_affected": "!\u003e=",
"version_name": "5.1",
"version_value": "5.1.1"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Palo Alto Networks thanks Ahmet Hrnjadovic for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to \"Dump\". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.paloaltonetworks.com/CVE-2020-1987",
"refsource": "MISC",
"url": "https://security.paloaltonetworks.com/CVE-2020-1987"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is fixed in Global Protect Agent 5.0.9, Global Protect Agent 5.1.1 and all later versions."
}
],
"source": {
"defect": [
"GPC-9393"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2020-04-08T00:00:00",
"value": "Initial publication"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2020-1987",
"datePublished": "2020-04-08T18:41:58.380348Z",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-09-16T19:14:19.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}