PT-2019-2081 · Palo Alto Networks · Globalprotect Agent
Published
2019-04-09
·
Updated
2024-02-27
·
CVE-2019-1573
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GlobalProtect Agent version 4.1.0 for Windows
GlobalProtect Agent versions 4.1.10 and earlier for macOS
Description
The issue is related to weaknesses in the authentication procedure of the GlobalProtect Agent, which may allow a local authenticated attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. This could enable an attacker to impersonate the user and gain unauthorized access.
Recommendations
For GlobalProtect Agent version 4.1.0 for Windows: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For GlobalProtect Agent versions 4.1.10 and earlier for macOS: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authentication
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Globalprotect Agent