PT-2024-4211 · Palo Alto Networks · Palo Alto Networks GlobalProtect
Denis Faiustov +1 · Published 2024-06-12 · Updated 2024-11-21
CVE-2024-5908
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks GlobalProtect App (affected versions not specified)
Description
A problem with the Palo Alto Networks GlobalProtect app can result in the encrypted user credentials used for connecting to GlobalProtect being exposed in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that the encrypted credentials are exposed to recipients of the application logs. The issue is an exposure of information through log files, which a remote attacker can exploit to obtain encrypted user credentials.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Palo Alto Networks GlobalProtect