CVE-2019-1573

Summary

GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksGlobalProtect Agent4.1 <= 4.1.0affected
Palo Alto NetworksGlobalProtect Agent4.1.11 < 4.1*unaffected

Weaknesses

  • CWE-226: CWE-226 Sensitive Information Uncleared Before Release

ADP Enrichment

CVE Program Container

Additional References

References