CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15870
https://notcve.org/view.php?id=CVE-2017-15870
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking." Palo Alto Networks GlobalProtect Agent en versiones anteriores a la 4.0.3 permite que atacantes con permisos de administración en la estación local obtengan privilegios SYSTEM mediante vectores relacionados con "image path execution hijacking". • http://www.securityfocus.com/bid/102083 https://security.paloaltonetworks.com/CVE-2017-15870 •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6606
https://notcve.org/view.php?id=CVE-2012-6606
Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate. Palo Alto Networks GlobalProtect anterior a 1.1.7 y NetConnect, no verifican los certificados X.509 desde los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar a servidores y obtener información sensible a través de un certificado manipulado. • http://archives.neohapsis.com/archives/bugtraq/2012-10/0100.html https://security.paloaltonetworks.com/CVE-2012-6606 • CWE-310: Cryptographic Issues •