{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"PAN-OS: GlobalProtect registration open redirect"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2020-1997","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:33:02.211Z","generator":{"date":"2026-04-11T00:33:02.211Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2020-1997","initial_release_date":"2020-05-13T16:00:00.000Z","revision_history":[{"number":"1","date":"2020-05-13T09:00:00.000Z","summary":"Initial publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[]}]},"vulnerabilities":[{"cve":"CVE-2020-1997","product_status":{"fixed":["PANW-PAN-OS-333","PANW-PAN-OS-334"],"known_affected":["PANW-PAN-OS-333","PANW-PAN-OS-334"],"known_not_affected":["PANW-PAN-OS-335","PANW-PAN-OS-329","PANW-PAN-OS-325"]},"notes":[{"category":"description","text":"An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. \nIf the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website."}],"references":[{"category":"external","summary":"NVD - CVE-2020-1997","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1997"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2020-1997","url":"https://security.paloaltonetworks.com/CVE-2020-1997"}],"threats":[{"category":"impact","description":"An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website."}],"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"products":["PANW-PAN-OS-333","PANW-PAN-OS-334"]}]}]}