Palo Alto Networks Security Advisories /
CVE-2020-1976 CVE-2020-1976 GlobalProtect App: Local denial-of-service (DoS) vulnerability on MacOS Attack Vector LOCAL
Attack Complexity HIGH
Privileges Required LOW
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact HIGH
NVD JSON Published 2020-02-12
Updated 2020-02-12
Reference GPC-9616
Discovered internally
Description A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect App running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash.
This issue affects GlobalProtect App 5.0.5 and earlier versions of GlobalProtect App 5.0 on Mac OS.
Product Status Versions Affected Unaffected GlobalProtect App 5.0 <= 5.0.5 on Mac OS >= 5.0.6 on Mac OS
Severity: MEDIUM CVSSv3.1 Base Score: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H )
Weakness Type CWE-642 External Control of Critical State Data
Solution This issue is fixed in GlobalProtect App 5.0.6, GlobalProtect App 5.1.0, and all later versions.
Workarounds and Mitigations n/a
Acknowledgments
This issue was discovered during a security test performed in collaboration with IOActive.
© 2020 Palo Alto Networks, Inc. All rights reserved.