
CVE-2020-1976 GlobalProtect App: Local denial-of-service (DoS) vulnerability on MacOS

Severity: 4.7 · MEDIUM
Attack Vector: LOCAL
Scope: UNCHANGED
Attack Complexity: HIGH
Confidentiality Impact: NONE
Privileges Required: LOW
Integrity Impact: NONE
User Interaction: NONE
Availability Impact: HIGH

Description

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect App running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash.

This issue affects GlobalProtect App 5.0.5 and earlier versions of GlobalProtect App 5.0 on Mac OS.

Product Status

Versions | Affected | Unaffected
GlobalProtect App 5.0 | <= 5.0.5 on Mac OS | >= 5.0.6 on Mac OS

Severity: MEDIUM

CVSSv3.1 Base Score: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Weakness Type

CWE-642 External Control of Critical State Data

Solution

This issue is fixed in GlobalProtect App 5.0.6, GlobalProtect App 5.1.0, and all later versions.
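
The version ranges in Product Status and Solution can be applied to an endpoint inventory as follows. This is an added example, not code from Palo Alto Networks; the CSV layout, host names, the "-28" build suffix and the status labels are assumptions made for illustration.

```python
import csv
import io
import re

FIRST_FIXED = (5, 0, 6)  # advisory: fixed in 5.0.6, 5.1.0 and all later versions
AFFECTED_BRANCH = (5, 0)  # advisory lists only the 5.0 branch as affected


def parse_version(text):
    """Return (major, minor, patch) from '5.0.5' or '5.0.5-28' (suffix format assumed)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def classify(os_name, version):
    """Classify one GlobalProtect App install against CVE-2020-1976."""
    if os_name.replace(" ", "").lower() != "macos":
        return "not-applicable"  # the advisory covers the app on Mac OS only
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable inventory value: needs manual review
    if v >= FIRST_FIXED:
        return "unaffected"
    if v[:2] == AFFECTED_BRANCH:
        return "affected"  # 5.0.5 and earlier 5.0 releases
    return "not-listed"  # branches before 5.0: the advisory makes no statement


def triage(csv_text):
    """Map host -> status for an inventory with columns host, os, gp_version."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["os"], r["gp_version"]) for r in rows}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """host,os,gp_version
mac-001,macOS,5.0.5-28
mac-002,Mac OS,5.0.6
mac-003,macOS,5.1.0
mac-004,macOS,4.1.13
win-001,Windows,5.0.5
mac-005,macOS,n/a
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "not-listed" or "unknown" fall outside what the advisory states and need a separate check rather than being treated as safe.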

Workarounds and Mitigations

n/a

Acknowledgments

This issue was discovered during a security test performed in collaboration with IOActive.