Lucene search

Palo Alto Networks Product Security Incident Response TeamPA-CVE-2020-1976

HistoryFeb 12, 2020 - 5:00 p.m.

GlobalProtect App: Local denial-of-service (DoS) vulnerability on MacOS

2020-02-1217:00:00

Palo Alto Networks Product Security Incident Response Team

securityadvisories.paloaltonetworks.com

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect App running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash.
This issue affects GlobalProtect App 5.0.5 and earlier versions of GlobalProtect App 5.0 on Mac OS.

Work around:
n/a

Affected configurations

Vulners

Node

softwareglobalprotect_appRange≤5.0.5

VendorProductVersionCPE
softwareglobalprotect_app*cpe:2.3:a:software:globalprotect_app:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
software	globalprotect_app	*	cpe:2.3:a:software:globalprotect_app::::::::

References

security.paloaltonetworks.com/CVE-2020-1976

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for PA-CVE-2020-1976