Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
globalprotect vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-45810
GlobalProtect-openconnect versions before 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compa...
Globalprotect-openconnect Project Globalprotect-openconnect -
NA
CVE-2023-0009
A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.
Paloaltonetworks Globalprotect 6.1.0
Paloaltonetworks Globalprotect
NA
CVE-2023-0006
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.
Paloaltonetworks Globalprotect 6.1.0
Paloaltonetworks Globalprotect
10
CVSSv2
CVE-2021-45809
GlobalProtect-openconnect versions before 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` paramet...
Globalprotect-openconnect Project Globalprotect-openconnect
9.3
CVSSv2
CVE-2021-3057
A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle malicious user to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 vers...
Paloaltonetworks Globalprotect
Paloaltonetworks Globalprotect 5.0
1.9
CVSSv2
CVE-2019-1573
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and previous versions for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and repl...
Paloaltonetworks Globalprotect
2.9
CVSSv2
CVE-2020-2033
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to condu...
Paloaltonetworks Globalprotect
7.2
CVSSv2
CVE-2017-15870
Palo Alto Networks GlobalProtect Agent prior to 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."
Paloaltonetworks Globalprotect
6.9
CVSSv2
CVE-2022-0016
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local malicious user to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under...
Paloaltonetworks Globalprotect
2.6
CVSSv2
CVE-2022-0018
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration....
Paloaltonetworks Globalprotect
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28254
CVE-2024-32515
CVE-2024-21338
validation
CVE-2024-32522
dos
CVE-2024-2101
CVE-2024-21107
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »