Palo Alto Networks Security Advisories / CVE-2020-1987

CVE-2020-1987 GlobalProtect App: VPN cookie local information disclosure

Severity 2.8 · LOW
Attack Vector LOCAL
Attack Complexity LOW
Privileges Required LOW
User Interaction REQUIRED
Confidentiality Impact LOW
Integrity Impact NONE
Availability Impact NONE


An information exposure vulnerability in the logging component of Palo Alto Networks GlobalProtect App allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump".

This issue affects Palo Alto Networks GlobalProtect App 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.

Product Status

GlobalProtect App 5.1: affected < 5.1.1; unaffected >= 5.1.1
GlobalProtect App 5.0: affected < 5.0.9; unaffected >= 5.0.9

Severity: LOW

CVSSv3.1 Base Score: 2.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)

Weakness Type

CWE-215 Information Exposure Through Debug Information


This issue is fixed in GlobalProtect App 5.0.9, GlobalProtect App 5.1.1 and all later versions.
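The version ranges above can be applied to an endpoint inventory to find hosts that still need the update. The following is an added example, not code from Palo Alto Networks; the "host,version" inventory format, the optional build suffix and the sample hosts are constructed assumptions.

```python
import re

# First fixed release per affected branch, taken from this advisory.
FIXED = {(5, 0): (5, 0, 9), (5, 1): (5, 1, 1)}

# major.minor.patch with an optional build suffix such as "-101" (assumed format).
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:[-.]\d+)?\s*$")


def parse_version(text):
    """Return (major, minor, patch) as integers so 5.0.10 sorts after 5.0.9."""
    match = _VERSION.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(version_text):
    """Map a GlobalProtect App version to its CVE-2020-1987 status."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    branch = version[:2]
    if branch in FIXED:
        return "affected" if version < FIXED[branch] else "fixed"
    if branch > max(FIXED):
        return "fixed"  # advisory: fixed in 5.1.1 "and all later versions"
    return "not-listed"  # branches before 5.0 are not covered by the advisory


def triage(inventory_lines):
    """Classify every 'host,version' line; blank lines and # comments are skipped."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results


# Constructed sample inventory, not real hosts.
SAMPLE = ["# host,version", "lt-001,5.0.8", "lt-002,5.0.10",
          "lt-003, 5.1.0-101", "lt-004,5.1.1", "lt-005,4.1.13", "lt-006,n/a"]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as affected are exposed only while the troubleshooting logging level is set to "Dump", so those with that setting are the first to update.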

Workarounds and Mitigations


Palo Alto Networks thanks Ahmet Hrnjadovic for discovering and reporting this issue.


Initial publication