Vulnerabilities > Paloaltonetworks > Globalprotect
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-10 | CVE-2020-2032 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Globalprotect A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. | 6.9 |
| 2020-05-13 | CVE-2020-2004 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. | 1.7 |
| 2020-04-08 | CVE-2020-1989 | Improper Privilege Management vulnerability in Paloaltonetworks Globalprotect 5.0/5.0.4/5.1 An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. | 7.2 |
| 2020-04-08 | CVE-2020-1988 | Unquoted Search Path or Element vulnerability in Paloaltonetworks Globalprotect An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. | 7.2 |
| 2020-04-08 | CVE-2020-1987 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". | 2.1 |
| 2020-02-12 | CVE-2020-1976 | Improper Input Validation vulnerability in Paloaltonetworks Globalprotect A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. | 4.9 |
| 2019-10-16 | CVE-2019-17436 | Unspecified vulnerability in Paloaltonetworks Globalprotect A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | 7.1 |
| 2019-10-16 | CVE-2019-17435 | Unspecified vulnerability in Paloaltonetworks Globalprotect A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. | 5.5 |
| 2019-04-09 | CVE-2019-1573 | Missing Encryption of Sensitive Data vulnerability in Paloaltonetworks Globalprotect 4.1.0/4.1.10 GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. | 1.9 |
| 2017-12-11 | CVE-2017-15870 | Unspecified vulnerability in Paloaltonetworks Globalprotect Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking." | 7.2 |