CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0009 – GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
https://notcve.org/view.php?id=CVE-2023-0009
A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. • https://security.paloaltonetworks.com/CVE-2023-0009 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-0019 – GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux
https://notcve.org/view.php?id=CVE-2022-0019
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. • https://security.paloaltonetworks.com/CVE-2022-0019 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-0018 – GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled
https://notcve.org/view.php?id=CVE-2022-0018
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. • https://security.paloaltonetworks.com/CVE-2022-0018 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0017 – GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-0017
An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms. Se presenta una vulnerabilidad de resolución de enlaces inapropiado antes del acceso a archivos ("link following") en GlobalProtect app de Palo Alto Networks en Windows que permite a un atacante local interrumpir los procesos del sistema y ejecutar potencialmente código arbitrario con privilegios SYSTEM en determinadas circunstancias. • https://security.paloaltonetworks.com/CVE-2022-0017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-3057 – GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway
https://notcve.org/view.php?id=CVE-2021-3057
A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on Windows; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.8 on the Universal Windows Platform; GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.1 on Linux. Se presenta una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en Palo Alto Networks GlobalProtect app que permite a un atacante que actúa como intermediario interrumpir los procesos del sistema y ejecutar potencialmente código arbitrario con privilegios SYSTEM. Este problema afecta: GlobalProtect app 5.1 versiones anteriores a GlobalProtect app 5.1.9 en Windows; GlobalProtect app 5.2 versiones anteriores a GlobalProtect app 5.2.8 en Windows; GlobalProtect app 5.2 versiones anteriores a GlobalProtect app 5.2.8 en la Plataforma Universal Windows; GlobalProtect app 5.3 versiones anteriores a GlobalProtect app 5.3.1 en Linux • https://security.paloaltonetworks.com/CVE-2021-3057 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •