Palo Alto Networks Security Advisories / CVE-2019-1573

CVE-2019-1573 Information Disclosure in GlobalProtect Agent

047910
Severity 2.5 · LOW
Attack Vector LOCAL
Attack Complexity HIGH
Privileges Required LOW
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact LOW
Integrity Impact NONE
Availability Impact NONE

Description

An information disclosure vulnerability exists in the GlobalProtect Agent for Windows and macOS (Ref # GPC-6025, GPC-6468/CVE-2019-1573/VU#192371).

Successful exploitation of this issue would allow a local authenticated attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. The endpoint would already have to be compromised and have the ability inspect memory for obtaining these tokens.

This issue affects GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS. GlobalProtect Agent for macOS 5.0 is NOT affected.

Product Status

GlobalProtect Agent

VersionsAffectedUnaffected
4.1<= 4.1.0 on Windows,<= 4.1.10 on OS X>= 4.1.1 on Windows,>= 4.1.11 on OS X

Severity: LOW

CVSSv3.1 Base Score: 2.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Weakness Type

CWE-539 Information Exposure Through Persistent Cookies

Solution

GlobalProtect Agent 4.1.1 and later for Windows, and GlobalProtect Agent 4.1.11 and later for macOS.

Workarounds and Mitigations

n/a

Timeline

Update CVSS score to be accurate, since the attack vector is local and an attacker should have already compromised the user machine and have the ability inspect memory.
Initial publication
© 2020 Palo Alto Networks, Inc. All rights reserved.