Claudiu Pancotan

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS (affected versions not specified) Description: An information exposure issue exists in the software, allowing a GlobalProtect end user to obtain the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. With this information, end users can uninstall, disable, or disconnect GlobalProtect, even if the app configuration would not normally permit such actions. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS software (affected versions not specified) Description: A vulnerability in the GlobalProtect portal enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.