CPE Details
Paloaltonetworks Globalprotect for Windows
-
2020-01-15
17h35 +00:00
17h35 +00:00
2020-01-15
17h35 +00:00
17h35 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:paloaltonetworks:globalprotect:-:*:*:*:*:windows:*:*
Informations
Vendor
paloaltonetworksProduct
globalprotectVersion
-Target Software
windowsRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | 7.6 |
High |
||
| A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. | 7.8 |
High |
||
| A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. | 5.5 |
Medium |
||
| GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. | 2.5 |
Low |
||
| Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate. | 5.8 |
2025©
tesweb SA
