PT-2020-3486 · Palo Alto Networks · GlobalProtect
Nabeel Ahmed +1
Published 2020-06-10 · Updated 2020-06-16
CVE-2020-2033
CVSS v2.0: 5.7 (Medium) · Vector: AV:A/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks GlobalProtect app 5.0 versions prior to 5.0.10
Palo Alto Networks GlobalProtect app 5.1 versions prior to 5.1.4
Description
The issue stems from missing certificate validation in the GlobalProtect app when the pre-logon feature is enabled: the app does not verify the certificate presented by the server it connects to during pre-logon, so it will complete the TLS handshake with any host answering at the server's address. An attacker on the same local area network segment who can manipulate ARP (ARP spoofing) can therefore interpose as the GlobalProtect server and capture the pre-logon authentication cookie. With that cookie, the attacker can reach the GlobalProtect server with whatever access the configured Security rules grant the 'pre-logon' user; this access is typically more limited than that of a regular, fully authenticated user.
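To make the failure mode concrete, here is an added example in Go; it is not Palo Alto Networks code and is not taken from the advisory. It stands up an in-process TLS server with a self-signed certificate to play the ARP-spoofing attacker who now answers at the server's address, then drives two clients at it: one that skips certificate validation, as the unpatched pre-logon code path effectively does, and one that trusts only an enterprise CA pool. The cookie name, request path and CA pool are constructed for the example. Go is used because its standard library can run the whole exchange offline.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// preLogonCookie is a constructed stand-in for the pre-logon authentication
// cookie; the cookie name and value are hypothetical.
const preLogonCookie = "prelogon-cookie=EXAMPLE-PRELOGON-SECRET"

// Impostor plays the ARP-spoofing attacker: it answers on the "server" address
// with a self-signed certificate that no enterprise CA issued, and records
// every Cookie header a client is willing to send it.
type Impostor struct {
	Server   *httptest.Server
	mu       sync.Mutex
	captured []string
}

func NewImpostor() *Impostor {
	imp := &Impostor{}
	imp.Server = httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		imp.mu.Lock()
		imp.captured = append(imp.captured, r.Header.Get("Cookie"))
		imp.mu.Unlock()
		w.WriteHeader(http.StatusOK)
	}))
	return imp
}

// Captured returns a copy of the cookies harvested so far.
func (imp *Impostor) Captured() []string {
	imp.mu.Lock()
	defer imp.mu.Unlock()
	return append([]string(nil), imp.captured...)
}

// connect models the client's pre-logon request (the path is hypothetical):
// it opens TLS to whatever answers at serverURL under the given policy and,
// only if the handshake succeeds, sends the cookie.
func connect(serverURL string, tlsCfg *tls.Config) error {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: tlsCfg}}
	req, err := http.NewRequest(http.MethodGet, serverURL+"/prelogon", nil)
	if err != nil {
		return err
	}
	req.Header.Set("Cookie", preLogonCookie)
	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	resp.Body.Close()
	return nil
}

// VulnerableConfig reproduces the flaw: the server certificate is never checked.
func VulnerableConfig() *tls.Config {
	return &tls.Config{InsecureSkipVerify: true} // deliberately insecure
}

// HardenedConfig trusts only the enterprise CA pool; Go verifies the
// hostname/IP SAN by default, so an impostor fails the handshake before any
// application data (the cookie) leaves the client.
func HardenedConfig(enterpriseRoots *x509.CertPool) *tls.Config {
	return &tls.Config{RootCAs: enterpriseRoots, MinVersion: tls.VersionTLS12}
}

// IsUnknownAuthority reports whether err is the chain-validation failure the
// hardened client is expected to produce.
func IsUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

// Demo runs both clients against the impostor and reports whether each leaked
// the cookie, along with the hardened client's handshake error.
func Demo() (leakedVulnerable, leakedHardened bool, hardenedErr error) {
	imp := NewImpostor()
	defer imp.Server.Close()

	// Constructed enterprise CA pool. It is empty on purpose: a real enterprise
	// CA would never have signed the impostor's certificate.
	enterpriseRoots := x509.NewCertPool()

	_ = connect(imp.Server.URL, VulnerableConfig())
	leakedVulnerable = len(imp.Captured()) == 1

	hardenedErr = connect(imp.Server.URL, HardenedConfig(enterpriseRoots))
	leakedHardened = len(imp.Captured()) > 1
	return leakedVulnerable, leakedHardened, hardenedErr
}

func main() {
	v, h, err := Demo()
	fmt.Printf("no certificate validation: cookie leaked = %v\n", v)
	fmt.Printf("CA-pinned validation:      cookie leaked = %v, error = %v\n", h, err)
}
```

The point of the two configurations is the ordering of events: the cookie is application data, so it is only ever written after the TLS handshake completes. A client that validates the chain against the enterprise CA aborts the handshake and the impostor never sees a request; a client that skips validation hands the cookie to whoever owns the spoofed address.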
Recommendations
For GlobalProtect app 5.0 versions prior to 5.0.10, update to version 5.0.10 or later to resolve the issue.
For GlobalProtect app 5.1 versions prior to 5.1.4, update to version 5.1.4 or later to resolve the issue.
Until the app can be updated, disabling the pre-logon feature removes the exposure, at the cost of losing pre-logon connectivity (the tunnel that is established before a user signs in).
Weakness Type
Authentication Bypass by Spoofing (CWE-290)
Improper Certificate Validation (CWE-295)
Affected Products
GlobalProtect