Vulnerabilities > Paloaltonetworks > Globalprotect > 5.1.2

DATE CVE VULNERABILITY TITLE RISK
2024-10-09 CVE-2024-9473 Unspecified vulnerability in Paloaltonetworks Globalprotect
A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.
local
low complexity
paloaltonetworks
7.8
2024-09-11 CVE-2024-8687 Unspecified vulnerability in Paloaltonetworks Pan-Os
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode.
network
low complexity
paloaltonetworks
7.1
2024-08-14 CVE-2024-5915 Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Globalprotect
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.
local
low complexity
paloaltonetworks CWE-732
7.8
2024-06-12 CVE-2024-5908 Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs.
network
low complexity
paloaltonetworks CWE-532
7.5
2023-06-14 CVE-2023-0009 Unspecified vulnerability in Paloaltonetworks Globalprotect
A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.
local
low complexity
paloaltonetworks
7.8
2022-02-10 CVE-2022-0017 Link Following vulnerability in Paloaltonetworks Globalprotect
An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances.
local
low complexity
paloaltonetworks CWE-59
7.8
2022-02-10 CVE-2022-0018 Information Exposure vulnerability in Paloaltonetworks Globalprotect
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration.
network
low complexity
paloaltonetworks CWE-200
6.5
2022-02-10 CVE-2022-0019 Insufficiently Protected Credentials vulnerability in Paloaltonetworks Globalprotect
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system.
local
low complexity
paloaltonetworks CWE-522
5.5
2020-06-10 CVE-2020-2033 Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Globalprotect
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks.
high complexity
paloaltonetworks CWE-290
5.3
2020-06-10 CVE-2020-2032 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Globalprotect
A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges.
local
high complexity
paloaltonetworks CWE-367
7.0