Palo Alto Networks Security Advisories / CVE-2020-1987

CVE-2020-1987 GlobalProtect Agent: VPN cookie local information disclosure

Severity 2.8 · LOW
Attack Vector LOCAL
Attack Complexity LOW
Privileges Required LOW
User Interaction REQUIRED
Confidentiality Impact LOW
Integrity Impact NONE
Availability Impact NONE


An information exposure vulnerability in the logging component of Palo Alto Networks GlobalProtect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump".

This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.

Product Status

GlobalProtect Agent 5.1: affected < 5.1.1; unaffected >= 5.1.1
GlobalProtect Agent 5.0: affected < 5.0.9; unaffected >= 5.0.9

Severity: LOW

CVSSv3.1 Base Score: 2.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)

Weakness Type

CWE-215 Information Exposure Through Debug Information


This issue is fixed in GlobalProtect Agent 5.0.9, GlobalProtect Agent 5.1.1 and all later versions.
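A fleet triage check built from the version ranges and the "Dump" logging condition stated above. This is an added example, not Palo Alto Networks code. The inventory columns, hostnames, status labels and the handling of build suffixes such as "-12" are assumptions.

```python
import csv
import io
import re

# First fixed release per affected branch, taken from the advisory text.
FIRST_FIXED = {(5, 0): (5, 0, 9), (5, 1): (5, 1, 1)}

# Constructed sample inventory: hosts, versions and log levels are made up.
SAMPLE_INVENTORY = """host,agent_version,log_level
lt-001,5.0.8,Debug
lt-002,5.1.0,Dump
lt-003,5.1.1,Dump
lt-004,5.0.9-12,Debug
lt-005,4.1.13,Dump
lt-006,unknown,Dump
"""

def parse_version(text):
    """Return (major, minor, patch) from '5.1.0' or '5.0.9-12', else None."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(agent_version, log_level):
    """Classify one agent against the advisory's ranges and logging condition."""
    version = parse_version(agent_version)
    if version is None:
        return "unparsed"
    branch = version[:2]
    fixed = FIRST_FIXED.get(branch)
    if fixed is None:
        # Assumption: "all later versions" covers branches after 5.1;
        # branches before 5.0 are not mentioned by the advisory.
        return "fixed" if branch > max(FIRST_FIXED) else "not-listed"
    if version >= fixed:
        return "fixed"
    # The cookie is only written to logs at the "Dump" level.
    if log_level.strip().lower() == "dump":
        return "affected-dump-enabled"
    return "affected"

def triage_inventory(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["agent_version"], r["log_level"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "affected-dump-enabled" are the ones where the condition described in the advisory is currently met; hosts reported as "affected" become exposed if the logging level is later raised to "Dump".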

Workarounds and Mitigations


Palo Alto Networks thanks Ahmet Hrnjadovic for discovering and reporting this issue.


Initial publication
© 2020 Palo Alto Networks, Inc. All rights reserved.