Lucene search

Palo_altoCVE-2022-0019

HistoryFeb 10, 2022 - 6:15 p.m.

CVE-2022-0019

2022-02-1018:15:08

CWE-522

palo_alto

web.nvd.nist.gov

"cve-2022-0019

palo alto networks

globalprotect

linux

vulnerability

credentials

security"

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.

Affected configurations

Nvd

Vulners

Node

paloaltonetworksglobalprotectRange5.1–5.1.10

paloaltonetworksglobalprotectRange5.2–5.2.7

paloaltonetworksglobalprotectRange5.3–5.3.2

AND

linuxlinux_kernelMatch-

VendorProductVersionCPE
paloaltonetworksglobalprotect*cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
paloaltonetworks	globalprotect	*	cpe:2.3:a:paloaltonetworks:globalprotect::::::::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*

CNA Affected

[
  {
    "platforms": [
      "Linux"
    ],
    "product": "GlobalProtect App",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "5.3.2",
            "status": "unaffected"
          }
        ],
        "lessThan": "5.3.2",
        "status": "affected",
        "version": "5.3",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "5.2.7",
        "status": "affected",
        "version": "5.2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "5.1.10",
            "status": "unaffected"
          }
        ],
        "lessThan": "5.1.10",
        "status": "affected",
        "version": "5.1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.paloaltonetworks.com/CVE-2022-0019

Social References

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-0019