#VU60485 Information disclosure in GlobalProtect Agent

Published: 2022-02-09

Vulnerability identifier: #VU60485

Vulnerability risk: Medium


CVE-ID: CVE-2022-0018


Exploitation vector: Network

Exploit availability:

Vulnerable software:
GlobalProtect Agent
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Palo Alto Networks, Inc.


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. A remote attacker can perform a MitM attack and intercept the credentials.

This vulnerability is a concern where the GlobalProtect app is deployed on Bring-Your-Own-Device (BYOD) clients with private local user accounts, or where the GlobalProtect app is used to connect to different organizations.

Install updates from the vendor's website.

Vulnerable software versions

GlobalProtect Agent: 5.1.0 - 5.2.8

Fixed software versions

