CVE-2019-1573
2.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto Networks | GlobalProtect Agent | 4.1 <= 4.1.0 | affected |
| Palo Alto Networks | GlobalProtect Agent | 4.1.11 < 4.1* | unaffected |
Weaknesses
- CWE-226: CWE-226 Sensitive Information Uncleared Before Release
ADP Enrichment
CVE Program Container
Additional References
- https://www.kb.cert.org/vuls/id/192371
- http://www.securityfocus.com/bid/107868
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783
- https://security.paloaltonetworks.com/CVE-2019-1573
References
- https://www.kb.cert.org/vuls/id/192371
- http://www.securityfocus.com/bid/107868
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783
- https://security.paloaltonetworks.com/CVE-2019-1573
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.