Vulnerability identifier: #VU60487
Vulnerability risk: Low
Exploitation vector: Local
Vendor: Palo Alto Networks, Inc.
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. A local user can read the log files and gain access to sensitive data.
Install updates from vendor's website.
Vulnerable software versions
GlobalProtect Agent: 5.2.0 - 5.2.8
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?