Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paloaltonetworks globalprotect vulnerabilities and exploits
(subscribe to this query)
2.9
CVSSv2
CVE-2020-2033
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to condu...
Paloaltonetworks Globalprotect
5.8
CVSSv2
CVE-2020-1997
An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an malicious user to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access ...
Paloaltonetworks Pan-os
1.7
CVSSv2
CVE-2020-2004
Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditi...
Paloaltonetworks Globalprotect
5.5
CVSSv2
CVE-2020-1993
The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versi...
Paloaltonetworks Pan-os
4.3
CVSSv2
CVE-2020-2005
A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier...
Paloaltonetworks Pan-os
2.1
CVSSv2
CVE-2020-1987
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Glob...
Paloaltonetworks Globalprotect
7.2
CVSSv2
CVE-2020-1988
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks Gl...
Paloaltonetworks Globalprotect
7.2
CVSSv2
CVE-2020-1989
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global P...
Paloaltonetworks Globalprotect
4.9
CVSSv2
CVE-2020-1976
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and previous versions versions of GlobalProtect 5.0 on Mac O...
Paloaltonetworks Globalprotect
2.1
CVSSv2
CVE-2019-17435
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and previous versions, and GlobalProtect Agent for Windows 4.1.12 and previous versions, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI install...
Paloaltonetworks Globalprotect
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »