CVE-2022-0018
GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user's local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms.
Se presenta una vulnerabilidad de exposición de información en GlobalProtect app de Palo Alto Networks en Windows y MacOS en la que las credenciales de la cuenta de usuario local son enviadas al portal de GlobalProtect cuando la función de inicio de sesión único está habilitada en la configuración del portal de GlobalProtect. Este comportamiento del producto es intencionado y no supone ningún riesgo de seguridad cuando es conectado a portales de GlobalProtect confiables configurados para usar las mismas credenciales de inicio de sesión único tanto para la cuenta de usuario local como para el inicio de sesión de GlobalProtect. Sin embargo, cuando las credenciales son diferentes, las credenciales de la cuenta local son enviadas inadvertidamente al portal de GlobalProtect para la autenticación. Un atacante de tipo MITM de terceros no puede visualizar estas credenciales en tránsito. Esta vulnerabilidad es un problema cuando GlobalProtect app es implementada en clientes del tipo Bring-your-Own-Device (BYOD) con cuentas de usuario locales privadas o GlobalProtect app es usada para conectarse a diferentes organizaciones. Las versiones corregidas de GlobalProtect app presentan una configuración de la aplicación para evitar la transmisión de las credenciales de usuario locales del usuario al portal GlobalProtect de destino, independientemente de la configuración del portal. Este problema afecta: GlobalProtect app versiones 5.1 versiones anteriores a GlobalProtect app 5.1.10 en Windows y MacOS; GlobalProtect app 5.2 versiones anteriores a GlobalProtect app 5.2.9 en Windows y MacOS Este problema no afecta a GlobalProtect app en otras plataformas
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-28 CVE Reserved
- 2022-02-10 CVE Published
- 2023-07-24 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-201: Insertion of Sensitive Information Into Sent Data
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0018 | 2022-02-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Paloaltonetworks Search vendor "Paloaltonetworks" | Globalprotect Search vendor "Paloaltonetworks" for product "Globalprotect" | >= 5.1 < 5.1.10 Search vendor "Paloaltonetworks" for product "Globalprotect" and version " >= 5.1 < 5.1.10" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Globalprotect Search vendor "Paloaltonetworks" for product "Globalprotect" | >= 5.1 < 5.1.10 Search vendor "Paloaltonetworks" for product "Globalprotect" and version " >= 5.1 < 5.1.10" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Globalprotect Search vendor "Paloaltonetworks" for product "Globalprotect" | >= 5.2 < 5.2.9 Search vendor "Paloaltonetworks" for product "Globalprotect" and version " >= 5.2 < 5.2.9" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Globalprotect Search vendor "Paloaltonetworks" for product "Globalprotect" | >= 5.2 < 5.2.9 Search vendor "Paloaltonetworks" for product "Globalprotect" and version " >= 5.2 < 5.2.9" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|