Multiple vulnerabilities in Palo Alto Networks GlobalProtect app



Published: 2020-06-11 | Updated: 2020-06-11
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-2032
CVE-2020-2033
CWE-ID CWE-367
CWE-295
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe
GlobalProtect Agent
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor Palo Alto Networks, Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

Updated: 6.11.2020

Provided correct links to affected versions, fixed CWE-ID for vulnerability #1.

1) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU28965

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-2032

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a Time-of-check Time-of-use (TOCTOU) issue during upgrade. An local user can execute arbitrary programs with SYSTEM privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GlobalProtect Agent: 5.0.0 - 5.1.3


CPE2.3 External links

http://security.paloaltonetworks.com/CVE-2020-2032

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper Certificate Validation

EUVDB-ID: #VU28966

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-2033

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to a missing certification validation, when the pre-logon feature is enabled. A remote attacker on the local network can perform a MitM attack, disclose the pre-logon authentication cookie and access the GlobalProtect Server as allowed by configured Security rules for the "pre-login" user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GlobalProtect Agent: 5.0.0 - 5.1.3


CPE2.3 External links

http://security.paloaltonetworks.com/CVE-2020-2033

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###