Palo Alto Networks Security Advisories / CVE-2020-1976

CVE-2020-1976 GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.


Severity 4.7 · MEDIUM
Attack Vector LOCAL
Attack Complexity HIGH
Privileges Required LOW
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact HIGH
NVD JSON
Published: 2020-02-12
Updated: 2020-02-12
Ref#: GPC-9616

Description

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash.

This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.

Product Status

GlobalProtect

VersionsAffectedUnaffected
5.0<= 5.0.5 on Mac OS>= 5.0.6 on Mac OS

Severity: MEDIUM

CVSSv3.1 Base Score: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Solution

This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions.

Workarounds and Mitigations

n/a

Acknowledgements

This issue was discovered during a security test performed in collaboration with IOActive.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions
© 2020 Palo Alto Networks, Inc. All rights reserved.