Vulnerabilities > Paloaltonetworks > Globalprotect > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-12 | CVE-2023-0006 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Globalprotect A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition. | 6.3 |
| 2022-02-10 | CVE-2022-0016 | Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Globalprotect An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. | 6.9 |
| 2022-02-10 | CVE-2022-0017 | Link Following vulnerability in Paloaltonetworks Globalprotect An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. | 6.9 |
| 2021-04-20 | CVE-2021-3038 | Unspecified vulnerability in Paloaltonetworks Globalprotect A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. | 5.5 |
| 2020-06-10 | CVE-2020-2032 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Globalprotect A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. | 6.9 |
| 2020-02-12 | CVE-2020-1976 | Improper Input Validation vulnerability in Paloaltonetworks Globalprotect A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. | 4.9 |
| 2019-10-16 | CVE-2019-17435 | Unspecified vulnerability in Paloaltonetworks Globalprotect A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. | 5.5 |
| 2013-08-31 | CVE-2012-6606 | Cryptographic Issues vulnerability in Paloaltonetworks Globalprotect and Netconnect Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate. | 5.8 |