Palo Alto Networks Security Advisories
CVE-2020-1976 GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.
Attack Vector LOCAL
Attack Complexity HIGH
Privileges Required LOW
User Interaction NONE
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact HIGH
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash.
This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.
|GlobalProtect 5.0||<= 5.0.5 on Mac OS||>= 5.0.6 on Mac OS|
CVSSv3.1 Base Score: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
CWE-642 External Control of Critical State Data
This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions.
Workarounds and Mitigations
This issue was discovered during a security test performed in collaboration with IOActive.
© 2020 Palo Alto Networks, Inc. All rights reserved.