CVE-2022-0019
GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.
Se presenta una vulnerabilidad de credenciales insuficientemente protegidas en GlobalProtect app de Palo Alto Networks en Linux que expone las credenciales con hash de los usuarios de GlobalProtect que guardaron su contraseña durante sesiones anteriores de GlobalProtect app a otros usuarios locales del sistema. Las credenciales expuestas permiten a un atacante local autenticarse en el portal o la puerta de enlace de GlobalProtect como el usuario de destino sin conocer la contraseña en texto plano del usuario de destino. Este problema afecta: GlobalProtect app 5.1 versiones anteriores a GlobalProtect app 5.1.10 en Linux. GlobalProtect app versiones 5.2 anteriores a GlobalProtect app 5.2.7 en Linux. GlobalProtect app versiones 5.3 anteriores a GlobalProtect app 5.3.2 en Linux. Este problema no afecta a GlobalProtect app en otras plataformas
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-28 CVE Reserved
- 2022-02-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2022-0019 | 2022-02-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Paloaltonetworks Search vendor "Paloaltonetworks" | Globalprotect Search vendor "Paloaltonetworks" for product "Globalprotect" | >= 5.1 < 5.1.10 Search vendor "Paloaltonetworks" for product "Globalprotect" and version " >= 5.1 < 5.1.10" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Globalprotect Search vendor "Paloaltonetworks" for product "Globalprotect" | >= 5.2 <= 5.2.7 Search vendor "Paloaltonetworks" for product "Globalprotect" and version " >= 5.2 <= 5.2.7" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Paloaltonetworks Search vendor "Paloaltonetworks" | Globalprotect Search vendor "Paloaltonetworks" for product "Globalprotect" | >= 5.3 < 5.3.2 Search vendor "Paloaltonetworks" for product "Globalprotect" and version " >= 5.3 < 5.3.2" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|