mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
Auto-merge PR#4486
Auto-merge PR#4486
commit
8585a62368
@ -1,18 +1,363 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@paloaltonetworks.com",
|
||||
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
|
||||
"ID": "CVE-2022-0011",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PAN-OS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "8.1",
|
||||
"version_value": "8.1.21"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "9.1",
|
||||
"version_value": "9.1.12"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "10.0",
|
||||
"version_value": "10.0.8"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_name": "8.1",
|
||||
"version_value": "8.1.21"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_name": "9.1",
|
||||
"version_value": "9.1.12"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_name": "10.0",
|
||||
"version_value": "10.0.8"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_name": "9.0",
|
||||
"version_value": "9.0.*"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "10.1",
|
||||
"version_value": "10.1.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_name": "10.1",
|
||||
"version_value": "10.1.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Prisma Access",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!",
|
||||
"version_name": "3.0",
|
||||
"version_value": "Preferred, Innovation"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_name": "2.2",
|
||||
"version_value": "Preferred"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_name": "2.1",
|
||||
"version_value": "Preferred, Innovation"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Palo Alto Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"configuration": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue is applicable only when you configure exceptions to URL filtering either by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile as per https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/block-and-allow-lists.html."
|
||||
}
|
||||
],
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks thanks Chris Johnston of PricewaterhouseCoopers for discovering and reporting this issue."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile.\n\nWhen the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more URLs than intended represents a security risk.\n\nFor example:\n example.com will match example.com.website.test\n example.com.* will match example.com.website.test\n example.com.^ will match example.com.test\n\nYou should take special care when using such entries in policy rules that allow traffic. Where possible, use the exact list of hostname names ending with a forward slash (/) instead of using wildcards.\n\nPAN-OS 10.1 versions earlier than PAN-OS 10.1.3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 9.1 versions earlier than PAN-OS 9.1.12; all PAN-OS 9.0 versions; PAN-OS 8.1 versions earlier than PAN-OS 8.1.21, and Prisma Access 2.2 and 2.1 versions do not allow customers to change this behavior without changing the URL category list or EDL."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
|
||||
}
|
||||
],
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-436 Interpretation Conflict"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2022-0011"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "PAN-OS 8.1.21, PAN-OS 9.1.12, PAN-OS 10.0.8, PAN-OS 10.1.3, Prisma Access 3.0 Preferred, and Prisma Access 3.0 Innovation all include a customer configurable option to automatically append a forward slash at the end of the hostname pattern for entries without an ending token in a custom URL category list or in an external dynamic list (EDL).\n\nPrisma Access customers should refer to “STEP 7” in the following Prisma Access 3.0 documentation to enable this feature:\n\nhttps://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prepare-the-prisma-access-infrastructure/prisma-access-service-infrastructure/enable-the-service-infrastructure.html\n\nFor other PAN-OS appliances, this option is enabled by running these CLI commands:\n debug device-server append-end-token on\n commit force\n\nNote: This option is disabled by default on PAN-OS 8.1, PAN-OS 9.1, PAN-OS 10.0, and PAN-OS 10.1. This option will be enabled by default starting with the next major version of PAN-OS. This option is not available on PAN-OS 9.0. Customers with PAN-OS 9.0 are advised to apply workarounds or upgrade to PAN-OS 9.1 or a later version.\n\nAdditionally, customers must evaluate their custom URL category list or their external dynamic list (EDL) and any firewall policy rules that depend on them to determine whether this option provides the desired policy rule enforcement.\n\nExample 1: If the firewall policy rule is intended to allow only 'www.example.com' and not to allow access to any other site, such as www.example.com.webiste.test, then use the \"debug device-server append-end-token on\" CLI command.\n\nExample 2: If the firewall policy rule is set to block access to 'www.example.co' and block access to sites such as www.example.com, www.example.co.az, then keep the default setting (\"debug device-server append-end-token off\" CLI command). You should always use the most appropriate token if you need to match multiple hostnames in a policy rule.\n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"defect": [
|
||||
"PAN-174443"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"timeline": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"time": "2022-02-09T17:00:00.000Z",
|
||||
"value": "initial publication"
|
||||
}
|
||||
],
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Add a forward slash (/) at the end of the hostname pattern for all entries in the custom URL category list or the external dynamic list (EDL).\n\nFor example:\n example.com/ will not match example.com.website.test\n"
|
||||
}
|
||||
],
|
||||
"x_advisoryEoL": false,
|
||||
"x_affectedList": [
|
||||
"Prisma Access 2.2",
|
||||
"Prisma Access 2.1",
|
||||
"PAN-OS 10.1.2",
|
||||
"PAN-OS 10.1.1",
|
||||
"PAN-OS 10.1.0",
|
||||
"PAN-OS 10.1",
|
||||
"PAN-OS 10.0.7",
|
||||
"PAN-OS 10.0.6",
|
||||
"PAN-OS 10.0.5",
|
||||
"PAN-OS 10.0.4",
|
||||
"PAN-OS 10.0.3",
|
||||
"PAN-OS 10.0.2",
|
||||
"PAN-OS 10.0.1",
|
||||
"PAN-OS 10.0.0",
|
||||
"PAN-OS 10.0",
|
||||
"PAN-OS 9.1.11-h3",
|
||||
"PAN-OS 9.1.11-h2",
|
||||
"PAN-OS 9.1.11-h1",
|
||||
"PAN-OS 9.1.11",
|
||||
"PAN-OS 9.1.10",
|
||||
"PAN-OS 9.1.9",
|
||||
"PAN-OS 9.1.8",
|
||||
"PAN-OS 9.1.7",
|
||||
"PAN-OS 9.1.6",
|
||||
"PAN-OS 9.1.5",
|
||||
"PAN-OS 9.1.4",
|
||||
"PAN-OS 9.1.3-h1",
|
||||
"PAN-OS 9.1.3",
|
||||
"PAN-OS 9.1.2-h1",
|
||||
"PAN-OS 9.1.2",
|
||||
"PAN-OS 9.1.1",
|
||||
"PAN-OS 9.1.0-h3",
|
||||
"PAN-OS 9.1.0-h2",
|
||||
"PAN-OS 9.1.0-h1",
|
||||
"PAN-OS 9.1.0",
|
||||
"PAN-OS 9.1",
|
||||
"PAN-OS 9.0.15",
|
||||
"PAN-OS 9.0.14-h4",
|
||||
"PAN-OS 9.0.14-h3",
|
||||
"PAN-OS 9.0.14-h2",
|
||||
"PAN-OS 9.0.14-h1",
|
||||
"PAN-OS 9.0.14",
|
||||
"PAN-OS 9.0.13",
|
||||
"PAN-OS 9.0.12",
|
||||
"PAN-OS 9.0.11",
|
||||
"PAN-OS 9.0.10",
|
||||
"PAN-OS 9.0.9-h1",
|
||||
"PAN-OS 9.0.9",
|
||||
"PAN-OS 9.0.8",
|
||||
"PAN-OS 9.0.7",
|
||||
"PAN-OS 9.0.6",
|
||||
"PAN-OS 9.0.5",
|
||||
"PAN-OS 9.0.4",
|
||||
"PAN-OS 9.0.3-h3",
|
||||
"PAN-OS 9.0.3-h2",
|
||||
"PAN-OS 9.0.3-h1",
|
||||
"PAN-OS 9.0.3",
|
||||
"PAN-OS 9.0.2-h4",
|
||||
"PAN-OS 9.0.2-h3",
|
||||
"PAN-OS 9.0.2-h2",
|
||||
"PAN-OS 9.0.2-h1",
|
||||
"PAN-OS 9.0.2",
|
||||
"PAN-OS 9.0.1",
|
||||
"PAN-OS 9.0.0",
|
||||
"PAN-OS 9.0",
|
||||
"PAN-OS 8.1.20-h1",
|
||||
"PAN-OS 8.1.20",
|
||||
"PAN-OS 8.1.19",
|
||||
"PAN-OS 8.1.18",
|
||||
"PAN-OS 8.1.17",
|
||||
"PAN-OS 8.1.16",
|
||||
"PAN-OS 8.1.15-h3",
|
||||
"PAN-OS 8.1.15-h2",
|
||||
"PAN-OS 8.1.15-h1",
|
||||
"PAN-OS 8.1.15",
|
||||
"PAN-OS 8.1.14-h2",
|
||||
"PAN-OS 8.1.14-h1",
|
||||
"PAN-OS 8.1.14",
|
||||
"PAN-OS 8.1.13",
|
||||
"PAN-OS 8.1.12",
|
||||
"PAN-OS 8.1.11",
|
||||
"PAN-OS 8.1.10",
|
||||
"PAN-OS 8.1.9-h4",
|
||||
"PAN-OS 8.1.9-h3",
|
||||
"PAN-OS 8.1.9-h2",
|
||||
"PAN-OS 8.1.9-h1",
|
||||
"PAN-OS 8.1.9",
|
||||
"PAN-OS 8.1.8-h5",
|
||||
"PAN-OS 8.1.8-h4",
|
||||
"PAN-OS 8.1.8-h3",
|
||||
"PAN-OS 8.1.8-h2",
|
||||
"PAN-OS 8.1.8-h1",
|
||||
"PAN-OS 8.1.8",
|
||||
"PAN-OS 8.1.7",
|
||||
"PAN-OS 8.1.6-h2",
|
||||
"PAN-OS 8.1.6-h1",
|
||||
"PAN-OS 8.1.6",
|
||||
"PAN-OS 8.1.5",
|
||||
"PAN-OS 8.1.4",
|
||||
"PAN-OS 8.1.3",
|
||||
"PAN-OS 8.1.2",
|
||||
"PAN-OS 8.1.1",
|
||||
"PAN-OS 8.1.0",
|
||||
"PAN-OS 8.1"
|
||||
],
|
||||
"x_likelyAffectedList": [
|
||||
"PAN-OS 8.0.20",
|
||||
"PAN-OS 8.0.19-h1",
|
||||
"PAN-OS 8.0.19",
|
||||
"PAN-OS 8.0.18",
|
||||
"PAN-OS 8.0.17",
|
||||
"PAN-OS 8.0.16",
|
||||
"PAN-OS 8.0.15",
|
||||
"PAN-OS 8.0.14",
|
||||
"PAN-OS 8.0.13",
|
||||
"PAN-OS 8.0.12",
|
||||
"PAN-OS 8.0.11-h1",
|
||||
"PAN-OS 8.0.10",
|
||||
"PAN-OS 8.0.9",
|
||||
"PAN-OS 8.0.8",
|
||||
"PAN-OS 8.0.7",
|
||||
"PAN-OS 8.0.6-h3",
|
||||
"PAN-OS 8.0.6-h2",
|
||||
"PAN-OS 8.0.6-h1",
|
||||
"PAN-OS 8.0.6",
|
||||
"PAN-OS 8.0.5",
|
||||
"PAN-OS 8.0.4",
|
||||
"PAN-OS 8.0.3-h4",
|
||||
"PAN-OS 8.0.3-h3",
|
||||
"PAN-OS 8.0.3-h2",
|
||||
"PAN-OS 8.0.3-h1",
|
||||
"PAN-OS 8.0.3",
|
||||
"PAN-OS 8.0.2",
|
||||
"PAN-OS 8.0.1",
|
||||
"PAN-OS 8.0.0",
|
||||
"PAN-OS 8.0",
|
||||
"PAN-OS 7.1.26",
|
||||
"PAN-OS 7.1.25",
|
||||
"PAN-OS 7.1.24-h1",
|
||||
"PAN-OS 7.1.24",
|
||||
"PAN-OS 7.1.23",
|
||||
"PAN-OS 7.1.22",
|
||||
"PAN-OS 7.1.21",
|
||||
"PAN-OS 7.1.20",
|
||||
"PAN-OS 7.1.19",
|
||||
"PAN-OS 7.1.18",
|
||||
"PAN-OS 7.1.17",
|
||||
"PAN-OS 7.1.16",
|
||||
"PAN-OS 7.1.15",
|
||||
"PAN-OS 7.1.14",
|
||||
"PAN-OS 7.1.13",
|
||||
"PAN-OS 7.1.12",
|
||||
"PAN-OS 7.1.11",
|
||||
"PAN-OS 7.1.10",
|
||||
"PAN-OS 7.1.9-h4",
|
||||
"PAN-OS 7.1.9-h3",
|
||||
"PAN-OS 7.1.9-h2",
|
||||
"PAN-OS 7.1.9-h1",
|
||||
"PAN-OS 7.1.9",
|
||||
"PAN-OS 7.1.8",
|
||||
"PAN-OS 7.1.7",
|
||||
"PAN-OS 7.1.6",
|
||||
"PAN-OS 7.1.5",
|
||||
"PAN-OS 7.1.4-h2",
|
||||
"PAN-OS 7.1.4-h1",
|
||||
"PAN-OS 7.1.4",
|
||||
"PAN-OS 7.1.3",
|
||||
"PAN-OS 7.1.2",
|
||||
"PAN-OS 7.1.1",
|
||||
"PAN-OS 7.1.0",
|
||||
"PAN-OS 7.1"
|
||||
]
|
||||
}
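Review bot: The PAN-OS 8.0 and 7.1 releases appear only in the vendor extension array `x_likelyAffectedList`; `version_data` has no entry for either branch, so a scanner that reads only the standard `affects` tree will treat them as out of scope. If those branches are meant to be flagged, an entry such as `{ "version_affected": "?", "version_name": "8.0", "version_value": "8.0.*" }` (and the same for 7.1) would carry that through the standard field. Separately, Example 1 in the `solution` text spells the sample host `www.example.com.webiste.test`, while the description and workaround use `website.test`; the spelling should match so the example reads as the same prefix-match case.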
|
@ -1,18 +1,262 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@paloaltonetworks.com",
|
||||
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
|
||||
"ID": "CVE-2022-0016",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "GlobalProtect App",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"platform": "Windows and MacOS",
|
||||
"version_affected": "<",
|
||||
"version_name": "5.2",
|
||||
"version_value": "5.2.9"
|
||||
},
|
||||
{
|
||||
"platform": "Windows and MacOS",
|
||||
"version_affected": "!>=",
|
||||
"version_name": "5.2",
|
||||
"version_value": "5.2.9"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_name": "5.1",
|
||||
"version_value": "5.1.*"
|
||||
},
|
||||
{
|
||||
"version_affected": "!",
|
||||
"version_name": "5.3",
|
||||
"version_value": "5.3.*"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Palo Alto Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"configuration": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature.\n"
|
||||
}
|
||||
],
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances.\nThis issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS.\n\nThis issue does not affect the GlobalProtect app on other platforms."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
|
||||
}
|
||||
],
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.4,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2022-0016"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and MacOS, and all later GlobalProtect app versions.\n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"defect": [
|
||||
"GPC-14404",
|
||||
"GPC-13685",
|
||||
"GPC-14747"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"timeline": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"time": "2022-02-09T17:00:00.000Z",
|
||||
"value": "Initial publication"
|
||||
}
|
||||
],
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "There are no known workarounds for this issue."
|
||||
}
|
||||
],
|
||||
"x_advisoryEoL": true,
|
||||
"x_affectedList": [
|
||||
"GlobalProtect App 5.2.8",
|
||||
"GlobalProtect App 5.2.7",
|
||||
"GlobalProtect App 5.2.6",
|
||||
"GlobalProtect App 5.2.5",
|
||||
"GlobalProtect App 5.2.4",
|
||||
"GlobalProtect App 5.2.3",
|
||||
"GlobalProtect App 5.2.2",
|
||||
"GlobalProtect App 5.2.1",
|
||||
"GlobalProtect App 5.2.0",
|
||||
"GlobalProtect App 5.2"
|
||||
],
|
||||
"x_likelyAffectedList": [
|
||||
"GlobalProtect App 5.0.10",
|
||||
"GlobalProtect App 5.0.9",
|
||||
"GlobalProtect App 5.0.8",
|
||||
"GlobalProtect App 5.0.7",
|
||||
"GlobalProtect App 5.0.6",
|
||||
"GlobalProtect App 5.0.5",
|
||||
"GlobalProtect App 5.0.4",
|
||||
"GlobalProtect App 5.0.3",
|
||||
"GlobalProtect App 5.0.2",
|
||||
"GlobalProtect App 5.0.1",
|
||||
"GlobalProtect App 5.0.0",
|
||||
"GlobalProtect App 5.0",
|
||||
"GlobalProtect App 4.1.13",
|
||||
"GlobalProtect App 4.1.12",
|
||||
"GlobalProtect App 4.1.11",
|
||||
"GlobalProtect App 4.1.10",
|
||||
"GlobalProtect App 4.1.9",
|
||||
"GlobalProtect App 4.1.8",
|
||||
"GlobalProtect App 4.1.7",
|
||||
"GlobalProtect App 4.1.6",
|
||||
"GlobalProtect App 4.1.5",
|
||||
"GlobalProtect App 4.1.4",
|
||||
"GlobalProtect App 4.1.3",
|
||||
"GlobalProtect App 4.1.2",
|
||||
"GlobalProtect App 4.1.1",
|
||||
"GlobalProtect App 4.1.0",
|
||||
"GlobalProtect App 4.1",
|
||||
"GlobalProtect App 4.0.8",
|
||||
"GlobalProtect App 4.0.7",
|
||||
"GlobalProtect App 4.0.6",
|
||||
"GlobalProtect App 4.0.5",
|
||||
"GlobalProtect App 4.0.4",
|
||||
"GlobalProtect App 4.0.3",
|
||||
"GlobalProtect App 4.0.2",
|
||||
"GlobalProtect App 4.0.0",
|
||||
"GlobalProtect App 4.0",
|
||||
"GlobalProtect App 3.1.6",
|
||||
"GlobalProtect App 3.1.5",
|
||||
"GlobalProtect App 3.1.4",
|
||||
"GlobalProtect App 3.1.3",
|
||||
"GlobalProtect App 3.1.1",
|
||||
"GlobalProtect App 3.1.0",
|
||||
"GlobalProtect App 3.1",
|
||||
"GlobalProtect App 3.0.3",
|
||||
"GlobalProtect App 3.0.2",
|
||||
"GlobalProtect App 3.0.1",
|
||||
"GlobalProtect App 3.0.0",
|
||||
"GlobalProtect App 3.0",
|
||||
"GlobalProtect App 2.3.5",
|
||||
"GlobalProtect App 2.3.4",
|
||||
"GlobalProtect App 2.3.3",
|
||||
"GlobalProtect App 2.3.2",
|
||||
"GlobalProtect App 2.3.1",
|
||||
"GlobalProtect App 2.3.0",
|
||||
"GlobalProtect App 2.3",
|
||||
"GlobalProtect App 2.2.2",
|
||||
"GlobalProtect App 2.2.1",
|
||||
"GlobalProtect App 2.2.0",
|
||||
"GlobalProtect App 2.2",
|
||||
"GlobalProtect App 2.1.4",
|
||||
"GlobalProtect App 2.1.3",
|
||||
"GlobalProtect App 2.1.2",
|
||||
"GlobalProtect App 2.1.1",
|
||||
"GlobalProtect App 2.1.0",
|
||||
"GlobalProtect App 2.1",
|
||||
"GlobalProtect App 2.0.5",
|
||||
"GlobalProtect App 2.0.4",
|
||||
"GlobalProtect App 2.0.3",
|
||||
"GlobalProtect App 2.0.2",
|
||||
"GlobalProtect App 2.0.1",
|
||||
"GlobalProtect App 2.0.0",
|
||||
"GlobalProtect App 2.0",
|
||||
"GlobalProtect App 1.2.11",
|
||||
"GlobalProtect App 1.2.10",
|
||||
"GlobalProtect App 1.2.9",
|
||||
"GlobalProtect App 1.2.8",
|
||||
"GlobalProtect App 1.2.7",
|
||||
"GlobalProtect App 1.2.6",
|
||||
"GlobalProtect App 1.2.5",
|
||||
"GlobalProtect App 1.2.4",
|
||||
"GlobalProtect App 1.2.3",
|
||||
"GlobalProtect App 1.2.2",
|
||||
"GlobalProtect App 1.2.1",
|
||||
"GlobalProtect App 1.2.0",
|
||||
"GlobalProtect App 1.2",
|
||||
"GlobalProtect App 1.1.8",
|
||||
"GlobalProtect App 1.1.7",
|
||||
"GlobalProtect App 1.1.6",
|
||||
"GlobalProtect App 1.1.5",
|
||||
"GlobalProtect App 1.1.4",
|
||||
"GlobalProtect App 1.1.3",
|
||||
"GlobalProtect App 1.1.2",
|
||||
"GlobalProtect App 1.1.1",
|
||||
"GlobalProtect App 1.1.0",
|
||||
"GlobalProtect App 1.1",
|
||||
"GlobalProtect App 1.0.8",
|
||||
"GlobalProtect App 1.0.7",
|
||||
"GlobalProtect App 1.0.5",
|
||||
"GlobalProtect App 1.0.3",
|
||||
"GlobalProtect App 1.0.1",
|
||||
"GlobalProtect App 1.0"
|
||||
]
|
||||
}
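Review bot: The 5.1 entry in `version_data` combines `"version_affected": "!>="` with the wildcard `"version_value": "5.1.*"` and has no `platform`, which gives a range comparison no concrete lower bound to evaluate. The description names only the 5.2 branch as affected, so the intent is presumably that all of 5.1 is unaffected; the sibling 5.3 entry already expresses that with `"version_affected": "!"`. Using the same operator for 5.1, `"version_affected": "!", "version_name": "5.1", "version_value": "5.1.*"`, would keep the two unaffected branches consistent for tools that parse the operator.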
|
@ -1,18 +1,267 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@paloaltonetworks.com",
|
||||
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
|
||||
"ID": "CVE-2022-0017",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "GlobalProtect App",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"platform": "Windows",
|
||||
"version_affected": "<",
|
||||
"version_name": "5.2",
|
||||
"version_value": "5.2.5"
|
||||
},
|
||||
{
|
||||
"platform": "Windows",
|
||||
"version_affected": "!>=",
|
||||
"version_name": "5.2",
|
||||
"version_value": "5.2.5"
|
||||
},
|
||||
{
|
||||
"platform": "Windows",
|
||||
"version_affected": "<",
|
||||
"version_name": "5.1",
|
||||
"version_value": "5.1.10"
|
||||
},
|
||||
{
|
||||
"platform": "Windows",
|
||||
"version_affected": "!>=",
|
||||
"version_name": "5.1",
|
||||
"version_value": "5.1.10"
|
||||
},
|
||||
{
|
||||
"version_affected": "!",
|
||||
"version_name": "5.3",
|
||||
"version_value": "5.3.*"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Palo Alto Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks thanks Christophe Schleypen of NATO Cyber Security Centre Pentesting for discovering and reporting this issue."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances.\nThis issue impacts:\nGlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows.\nGlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows.\n\nThis issue does not affect GlobalProtect app on other platforms."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
|
||||
}
|
||||
],
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2022-0017"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Windows, GlobalProtect app 5.2.5 on Windows and all later GlobalProtect app versions."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"defect": [
|
||||
"GPC-10982"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"timeline": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"time": "2022-02-09T17:00:00.000Z",
|
||||
"value": "Initial publication"
|
||||
}
|
||||
],
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "There are no known workarounds for this issue."
|
||||
}
|
||||
],
|
||||
"x_advisoryEoL": true,
|
||||
"x_affectedList": [
|
||||
"GlobalProtect App 5.2.4",
|
||||
"GlobalProtect App 5.2.3",
|
||||
"GlobalProtect App 5.2.2",
|
||||
"GlobalProtect App 5.2.1",
|
||||
"GlobalProtect App 5.2.0",
|
||||
"GlobalProtect App 5.2",
|
||||
"GlobalProtect App 5.1.9",
|
||||
"GlobalProtect App 5.1.8",
|
||||
"GlobalProtect App 5.1.7",
|
||||
"GlobalProtect App 5.1.6",
|
||||
"GlobalProtect App 5.1.5",
|
||||
"GlobalProtect App 5.1.4",
|
||||
"GlobalProtect App 5.1.3",
|
||||
"GlobalProtect App 5.1.1",
|
||||
"GlobalProtect App 5.1.0",
|
||||
"GlobalProtect App 5.1"
|
||||
],
|
||||
"x_likelyAffectedList": [
|
||||
"GlobalProtect App 5.0.10",
|
||||
"GlobalProtect App 5.0.9",
|
||||
"GlobalProtect App 5.0.8",
|
||||
"GlobalProtect App 5.0.7",
|
||||
"GlobalProtect App 5.0.6",
|
||||
"GlobalProtect App 5.0.5",
|
||||
"GlobalProtect App 5.0.4",
|
||||
"GlobalProtect App 5.0.3",
|
||||
"GlobalProtect App 5.0.2",
|
||||
"GlobalProtect App 5.0.1",
|
||||
"GlobalProtect App 5.0.0",
|
||||
"GlobalProtect App 5.0",
|
||||
"GlobalProtect App 4.1.13",
|
||||
"GlobalProtect App 4.1.12",
|
||||
"GlobalProtect App 4.1.11",
|
||||
"GlobalProtect App 4.1.10",
|
||||
"GlobalProtect App 4.1.9",
|
||||
"GlobalProtect App 4.1.8",
|
||||
"GlobalProtect App 4.1.7",
|
||||
"GlobalProtect App 4.1.6",
|
||||
"GlobalProtect App 4.1.5",
|
||||
"GlobalProtect App 4.1.4",
|
||||
"GlobalProtect App 4.1.3",
|
||||
"GlobalProtect App 4.1.2",
|
||||
"GlobalProtect App 4.1.1",
|
||||
"GlobalProtect App 4.1.0",
|
||||
"GlobalProtect App 4.1",
|
||||
"GlobalProtect App 4.0.8",
|
||||
"GlobalProtect App 4.0.7",
|
||||
"GlobalProtect App 4.0.6",
|
||||
"GlobalProtect App 4.0.5",
|
||||
"GlobalProtect App 4.0.4",
|
||||
"GlobalProtect App 4.0.3",
|
||||
"GlobalProtect App 4.0.2",
|
||||
"GlobalProtect App 4.0.0",
|
||||
"GlobalProtect App 4.0",
|
||||
"GlobalProtect App 3.1.6",
|
||||
"GlobalProtect App 3.1.5",
|
||||
"GlobalProtect App 3.1.4",
|
||||
"GlobalProtect App 3.1.3",
|
||||
"GlobalProtect App 3.1.1",
|
||||
"GlobalProtect App 3.1.0",
|
||||
"GlobalProtect App 3.1",
|
||||
"GlobalProtect App 3.0.3",
|
||||
"GlobalProtect App 3.0.2",
|
||||
"GlobalProtect App 3.0.1",
|
||||
"GlobalProtect App 3.0.0",
|
||||
"GlobalProtect App 3.0",
|
||||
"GlobalProtect App 2.3.5",
|
||||
"GlobalProtect App 2.3.4",
|
||||
"GlobalProtect App 2.3.3",
|
||||
"GlobalProtect App 2.3.2",
|
||||
"GlobalProtect App 2.3.1",
|
||||
"GlobalProtect App 2.3.0",
|
||||
"GlobalProtect App 2.3",
|
||||
"GlobalProtect App 2.2.2",
|
||||
"GlobalProtect App 2.2.1",
|
||||
"GlobalProtect App 2.2.0",
|
||||
"GlobalProtect App 2.2",
|
||||
"GlobalProtect App 2.1.4",
|
||||
"GlobalProtect App 2.1.3",
|
||||
"GlobalProtect App 2.1.2",
|
||||
"GlobalProtect App 2.1.1",
|
||||
"GlobalProtect App 2.1.0",
|
||||
"GlobalProtect App 2.1",
|
||||
"GlobalProtect App 2.0.5",
|
||||
"GlobalProtect App 2.0.4",
|
||||
"GlobalProtect App 2.0.3",
|
||||
"GlobalProtect App 2.0.2",
|
||||
"GlobalProtect App 2.0.1",
|
||||
"GlobalProtect App 2.0.0",
|
||||
"GlobalProtect App 2.0",
|
||||
"GlobalProtect App 1.2.11",
|
||||
"GlobalProtect App 1.2.10",
|
||||
"GlobalProtect App 1.2.9",
|
||||
"GlobalProtect App 1.2.8",
|
||||
"GlobalProtect App 1.2.7",
|
||||
"GlobalProtect App 1.2.6",
|
||||
"GlobalProtect App 1.2.5",
|
||||
"GlobalProtect App 1.2.4",
|
||||
"GlobalProtect App 1.2.3",
|
||||
"GlobalProtect App 1.2.2",
|
||||
"GlobalProtect App 1.2.1",
|
||||
"GlobalProtect App 1.2.0",
|
||||
"GlobalProtect App 1.2",
|
||||
"GlobalProtect App 1.1.8",
|
||||
"GlobalProtect App 1.1.7",
|
||||
"GlobalProtect App 1.1.6",
|
||||
"GlobalProtect App 1.1.5",
|
||||
"GlobalProtect App 1.1.4",
|
||||
"GlobalProtect App 1.1.3",
|
||||
"GlobalProtect App 1.1.2",
|
||||
"GlobalProtect App 1.1.1",
|
||||
"GlobalProtect App 1.1.0",
|
||||
"GlobalProtect App 1.1",
|
||||
"GlobalProtect App 1.0.8",
|
||||
"GlobalProtect App 1.0.7",
|
||||
"GlobalProtect App 1.0.5",
|
||||
"GlobalProtect App 1.0.3",
|
||||
"GlobalProtect App 1.0.1",
|
||||
"GlobalProtect App 1.0"
|
||||
]
|
||||
}
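Review bot: `x_affectedList` goes from `"GlobalProtect App 5.1.3"` straight to `"GlobalProtect App 5.1.1"`, so an exact-string match against this list would not flag 5.1.2 even though the `<` 5.1.10 range in `version_data` covers it. If 5.1.2 was never released the gap is harmless; otherwise add `"GlobalProtect App 5.1.2",` between the two entries. Either way, consumers should treat the `version_data` ranges as authoritative and the enumerated list as a convenience.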
|
@ -1,18 +1,271 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@paloaltonetworks.com",
|
||||
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
|
||||
"ID": "CVE-2022-0018",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "GlobalProtect App",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"platform": "Windows and MacOS",
|
||||
"version_affected": "<",
|
||||
"version_name": "5.2",
|
||||
"version_value": "5.2.9"
|
||||
},
|
||||
{
|
||||
"platform": "Windows and MacOS",
|
||||
"version_affected": "!>=",
|
||||
"version_name": "5.2",
|
||||
"version_value": "5.2.9"
|
||||
},
|
||||
{
|
||||
"platform": "Windows and MacOS",
|
||||
"version_affected": "<",
|
||||
"version_name": "5.1",
|
||||
"version_value": "5.1.10"
|
||||
},
|
||||
{
|
||||
"platform": "Windows and MacOS",
|
||||
"version_affected": "!>=",
|
||||
"version_name": "5.1",
|
||||
"version_value": "5.1.10"
|
||||
},
|
||||
{
|
||||
"version_affected": "!",
|
||||
"version_name": "5.3",
|
||||
"version_value": "5.3.*"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Palo Alto Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks thanks Irina Belyaeva of Jet Infosystems for discovering and reporting this issue."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration.\n\nThis product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit.\n\nThis vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations.\n\nFixed versions of GlobalProtect app have an app setting to prevent the transmission of the user's local user credentials to the target GlobalProtect portal regardless of the portal configuration.\nThis issue impacts:\nGlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS;\nGlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS\n\nThis issue does not affect GlobalProtect app on other platforms.\n"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"
|
||||
}
|
||||
],
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-201 Information Exposure Through Sent Data"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2022-0018"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Windows and MacOS, GlobalProtect app 5.2.9 on Windows and MacOS, and all later GlobalProtect app versions with the ‘force-disable-sso’ app setting.\n\nSet ‘force-disable-sso’ to ‘yes’ to prevent unintended transmission of the local user credentials as described here:\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/app-behavior-options.html\n"
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"defect": [
|
||||
"GPC-14203"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"timeline": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"time": "2022-02-09T17:00:00.000Z",
|
||||
"value": "Initial publication"
|
||||
}
|
||||
],
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "There are no known workarounds for this issue.\n\n"
|
||||
}
|
||||
],
|
||||
"x_advisoryEoL": true,
|
||||
"x_affectedList": [
|
||||
"GlobalProtect App 5.2.8",
|
||||
"GlobalProtect App 5.2.7",
|
||||
"GlobalProtect App 5.2.6",
|
||||
"GlobalProtect App 5.2.5",
|
||||
"GlobalProtect App 5.2.4",
|
||||
"GlobalProtect App 5.2.3",
|
||||
"GlobalProtect App 5.2.2",
|
||||
"GlobalProtect App 5.2.1",
|
||||
"GlobalProtect App 5.2.0",
|
||||
"GlobalProtect App 5.2",
|
||||
"GlobalProtect App 5.1.9",
|
||||
"GlobalProtect App 5.1.8",
|
||||
"GlobalProtect App 5.1.7",
|
||||
"GlobalProtect App 5.1.6",
|
||||
"GlobalProtect App 5.1.5",
|
||||
"GlobalProtect App 5.1.4",
|
||||
"GlobalProtect App 5.1.3",
|
||||
"GlobalProtect App 5.1.1",
|
||||
"GlobalProtect App 5.1.0",
|
||||
"GlobalProtect App 5.1"
|
||||
],
|
||||
"x_likelyAffectedList": [
|
||||
"GlobalProtect App 5.0.10",
|
||||
"GlobalProtect App 5.0.9",
|
||||
"GlobalProtect App 5.0.8",
|
||||
"GlobalProtect App 5.0.7",
|
||||
"GlobalProtect App 5.0.6",
|
||||
"GlobalProtect App 5.0.5",
|
||||
"GlobalProtect App 5.0.4",
|
||||
"GlobalProtect App 5.0.3",
|
||||
"GlobalProtect App 5.0.2",
|
||||
"GlobalProtect App 5.0.1",
|
||||
"GlobalProtect App 5.0.0",
|
||||
"GlobalProtect App 5.0",
|
||||
"GlobalProtect App 4.1.13",
|
||||
"GlobalProtect App 4.1.12",
|
||||
"GlobalProtect App 4.1.11",
|
||||
"GlobalProtect App 4.1.10",
|
||||
"GlobalProtect App 4.1.9",
|
||||
"GlobalProtect App 4.1.8",
|
||||
"GlobalProtect App 4.1.7",
|
||||
"GlobalProtect App 4.1.6",
|
||||
"GlobalProtect App 4.1.5",
|
||||
"GlobalProtect App 4.1.4",
|
||||
"GlobalProtect App 4.1.3",
|
||||
"GlobalProtect App 4.1.2",
|
||||
"GlobalProtect App 4.1.1",
|
||||
"GlobalProtect App 4.1.0",
|
||||
"GlobalProtect App 4.1",
|
||||
"GlobalProtect App 4.0.8",
|
||||
"GlobalProtect App 4.0.7",
|
||||
"GlobalProtect App 4.0.6",
|
||||
"GlobalProtect App 4.0.5",
|
||||
"GlobalProtect App 4.0.4",
|
||||
"GlobalProtect App 4.0.3",
|
||||
"GlobalProtect App 4.0.2",
|
||||
"GlobalProtect App 4.0.0",
|
||||
"GlobalProtect App 4.0",
|
||||
"GlobalProtect App 3.1.6",
|
||||
"GlobalProtect App 3.1.5",
|
||||
"GlobalProtect App 3.1.4",
|
||||
"GlobalProtect App 3.1.3",
|
||||
"GlobalProtect App 3.1.1",
|
||||
"GlobalProtect App 3.1.0",
|
||||
"GlobalProtect App 3.1",
|
||||
"GlobalProtect App 3.0.3",
|
||||
"GlobalProtect App 3.0.2",
|
||||
"GlobalProtect App 3.0.1",
|
||||
"GlobalProtect App 3.0.0",
|
||||
"GlobalProtect App 3.0",
|
||||
"GlobalProtect App 2.3.5",
|
||||
"GlobalProtect App 2.3.4",
|
||||
"GlobalProtect App 2.3.3",
|
||||
"GlobalProtect App 2.3.2",
|
||||
"GlobalProtect App 2.3.1",
|
||||
"GlobalProtect App 2.3.0",
|
||||
"GlobalProtect App 2.3",
|
||||
"GlobalProtect App 2.2.2",
|
||||
"GlobalProtect App 2.2.1",
|
||||
"GlobalProtect App 2.2.0",
|
||||
"GlobalProtect App 2.2",
|
||||
"GlobalProtect App 2.1.4",
|
||||
"GlobalProtect App 2.1.3",
|
||||
"GlobalProtect App 2.1.2",
|
||||
"GlobalProtect App 2.1.1",
|
||||
"GlobalProtect App 2.1.0",
|
||||
"GlobalProtect App 2.1",
|
||||
"GlobalProtect App 2.0.5",
|
||||
"GlobalProtect App 2.0.4",
|
||||
"GlobalProtect App 2.0.3",
|
||||
"GlobalProtect App 2.0.2",
|
||||
"GlobalProtect App 2.0.1",
|
||||
"GlobalProtect App 2.0.0",
|
||||
"GlobalProtect App 2.0",
|
||||
"GlobalProtect App 1.2.11",
|
||||
"GlobalProtect App 1.2.10",
|
||||
"GlobalProtect App 1.2.9",
|
||||
"GlobalProtect App 1.2.8",
|
||||
"GlobalProtect App 1.2.7",
|
||||
"GlobalProtect App 1.2.6",
|
||||
"GlobalProtect App 1.2.5",
|
||||
"GlobalProtect App 1.2.4",
|
||||
"GlobalProtect App 1.2.3",
|
||||
"GlobalProtect App 1.2.2",
|
||||
"GlobalProtect App 1.2.1",
|
||||
"GlobalProtect App 1.2.0",
|
||||
"GlobalProtect App 1.2",
|
||||
"GlobalProtect App 1.1.8",
|
||||
"GlobalProtect App 1.1.7",
|
||||
"GlobalProtect App 1.1.6",
|
||||
"GlobalProtect App 1.1.5",
|
||||
"GlobalProtect App 1.1.4",
|
||||
"GlobalProtect App 1.1.3",
|
||||
"GlobalProtect App 1.1.2",
|
||||
"GlobalProtect App 1.1.1",
|
||||
"GlobalProtect App 1.1.0",
|
||||
"GlobalProtect App 1.1",
|
||||
"GlobalProtect App 1.0.8",
|
||||
"GlobalProtect App 1.0.7",
|
||||
"GlobalProtect App 1.0.5",
|
||||
"GlobalProtect App 1.0.3",
|
||||
"GlobalProtect App 1.0.1",
|
||||
"GlobalProtect App 1.0"
|
||||
]
|
||||
}
|
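Review bot: The `version_data` entries mark GlobalProtect app 5.1.10 and 5.2.9 as unaffected (`"!>="`), but the `solution` text says the fix is an app setting that takes effect only when `force-disable-sso` is set to `yes`. A consumer that matches on version alone would therefore treat an upgraded client as remediated even when the setting is left at its default. The record has no `configuration` block, although the description limits the issue to portals with Single Sign-On enabled. I would add one, for example `"configuration": [{"lang": "eng", "value": "This issue is applicable only when Single Sign-On is enabled in the GlobalProtect portal configuration and the 'force-disable-sso' app setting is not set to 'yes'."}]`. The `work_around` value ("There are no known workarounds") should be reworded so it does not contradict the setting-based remediation.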
@ -1,18 +1,280 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@paloaltonetworks.com",
|
||||
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
|
||||
"ID": "CVE-2022-0019",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "GlobalProtect App",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"platform": "Linux",
|
||||
"version_affected": "<",
|
||||
"version_name": "5.3",
|
||||
"version_value": "5.3.2"
|
||||
},
|
||||
{
|
||||
"platform": "Linux",
|
||||
"version_affected": "<=",
|
||||
"version_name": "5.2",
|
||||
"version_value": "5.2.7"
|
||||
},
|
||||
{
|
||||
"platform": "Linux",
|
||||
"version_affected": "!>=",
|
||||
"version_name": "5.3",
|
||||
"version_value": "5.3.2"
|
||||
},
|
||||
{
|
||||
"platform": "Linux",
|
||||
"version_affected": "<",
|
||||
"version_name": "5.1",
|
||||
"version_value": "5.1.10"
|
||||
},
|
||||
{
|
||||
"platform": "Linux",
|
||||
"version_affected": "!>=",
|
||||
"version_name": "5.1",
|
||||
"version_value": "5.1.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Palo Alto Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"configuration": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue is applicable only to GlobalProtect app users that save their user credentials for use when authenticating to a GlobalProtect portal."
|
||||
}
|
||||
],
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks thanks Josh Wisely and Praveen Bomma of Splunk for discovering and reporting this issue."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system.\n\nThe exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password.\n\n\nThis issue impacts:\nGlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux.\nGlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux.\nGlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux.\n\nThis issue does not affect the GlobalProtect app on other platforms."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
|
||||
}
|
||||
],
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.7,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-522 Insufficiently Protected Credentials"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2022-0019"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue is fixed in GlobalProtect app 5.1.10 on Linux, GlobalProtect app 5.3.2 on Linux, and all later GlobalProtect app versions.\n\nExisting credentials files that are exposed by this issue will be secured when the fixed GlobalProtect app is launched."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"defect": [
|
||||
"GPC-13843"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"timeline": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"time": "2022-02-09T17:00:00.000Z",
|
||||
"value": "Initial publication"
|
||||
}
|
||||
],
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Users should not save their credentials until the GlobalProtect app is upgraded to a fixed version.\n\nGlobalProtect portal administrators can prevent GlobalProtect app users from saving their credentials on the next connection to the GlobalProtect portal by preventing ‘Save User Credentials’ from the portal agent configuration as described here:\n\nhttps://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-app-settings-transparently/customizable-app-settings/user-behavior-options.html\n"
|
||||
}
|
||||
],
|
||||
"x_advisoryEoL": true,
|
||||
"x_affectedList": [
|
||||
"GlobalProtect App 5.3.1",
|
||||
"GlobalProtect App 5.3.0",
|
||||
"GlobalProtect App 5.3",
|
||||
"GlobalProtect App 5.2.7",
|
||||
"GlobalProtect App 5.2.6",
|
||||
"GlobalProtect App 5.2.5",
|
||||
"GlobalProtect App 5.2.4",
|
||||
"GlobalProtect App 5.2.3",
|
||||
"GlobalProtect App 5.2.2",
|
||||
"GlobalProtect App 5.2.1",
|
||||
"GlobalProtect App 5.2.0",
|
||||
"GlobalProtect App 5.2",
|
||||
"GlobalProtect App 5.1.9",
|
||||
"GlobalProtect App 5.1.8",
|
||||
"GlobalProtect App 5.1.7",
|
||||
"GlobalProtect App 5.1.6",
|
||||
"GlobalProtect App 5.1.5",
|
||||
"GlobalProtect App 5.1.4",
|
||||
"GlobalProtect App 5.1.3",
|
||||
"GlobalProtect App 5.1.1",
|
||||
"GlobalProtect App 5.1.0",
|
||||
"GlobalProtect App 5.1"
|
||||
],
|
||||
"x_likelyAffectedList": [
|
||||
"GlobalProtect App 5.0.10",
|
||||
"GlobalProtect App 5.0.9",
|
||||
"GlobalProtect App 5.0.8",
|
||||
"GlobalProtect App 5.0.7",
|
||||
"GlobalProtect App 5.0.6",
|
||||
"GlobalProtect App 5.0.5",
|
||||
"GlobalProtect App 5.0.4",
|
||||
"GlobalProtect App 5.0.3",
|
||||
"GlobalProtect App 5.0.2",
|
||||
"GlobalProtect App 5.0.1",
|
||||
"GlobalProtect App 5.0.0",
|
||||
"GlobalProtect App 5.0",
|
||||
"GlobalProtect App 4.1.13",
|
||||
"GlobalProtect App 4.1.12",
|
||||
"GlobalProtect App 4.1.11",
|
||||
"GlobalProtect App 4.1.10",
|
||||
"GlobalProtect App 4.1.9",
|
||||
"GlobalProtect App 4.1.8",
|
||||
"GlobalProtect App 4.1.7",
|
||||
"GlobalProtect App 4.1.6",
|
||||
"GlobalProtect App 4.1.5",
|
||||
"GlobalProtect App 4.1.4",
|
||||
"GlobalProtect App 4.1.3",
|
||||
"GlobalProtect App 4.1.2",
|
||||
"GlobalProtect App 4.1.1",
|
||||
"GlobalProtect App 4.1.0",
|
||||
"GlobalProtect App 4.1",
|
||||
"GlobalProtect App 4.0.8",
|
||||
"GlobalProtect App 4.0.7",
|
||||
"GlobalProtect App 4.0.6",
|
||||
"GlobalProtect App 4.0.5",
|
||||
"GlobalProtect App 4.0.4",
|
||||
"GlobalProtect App 4.0.3",
|
||||
"GlobalProtect App 4.0.2",
|
||||
"GlobalProtect App 4.0.0",
|
||||
"GlobalProtect App 4.0",
|
||||
"GlobalProtect App 3.1.6",
|
||||
"GlobalProtect App 3.1.5",
|
||||
"GlobalProtect App 3.1.4",
|
||||
"GlobalProtect App 3.1.3",
|
||||
"GlobalProtect App 3.1.1",
|
||||
"GlobalProtect App 3.1.0",
|
||||
"GlobalProtect App 3.1",
|
||||
"GlobalProtect App 3.0.3",
|
||||
"GlobalProtect App 3.0.2",
|
||||
"GlobalProtect App 3.0.1",
|
||||
"GlobalProtect App 3.0.0",
|
||||
"GlobalProtect App 3.0",
|
||||
"GlobalProtect App 2.3.5",
|
||||
"GlobalProtect App 2.3.4",
|
||||
"GlobalProtect App 2.3.3",
|
||||
"GlobalProtect App 2.3.2",
|
||||
"GlobalProtect App 2.3.1",
|
||||
"GlobalProtect App 2.3.0",
|
||||
"GlobalProtect App 2.3",
|
||||
"GlobalProtect App 2.2.2",
|
||||
"GlobalProtect App 2.2.1",
|
||||
"GlobalProtect App 2.2.0",
|
||||
"GlobalProtect App 2.2",
|
||||
"GlobalProtect App 2.1.4",
|
||||
"GlobalProtect App 2.1.3",
|
||||
"GlobalProtect App 2.1.2",
|
||||
"GlobalProtect App 2.1.1",
|
||||
"GlobalProtect App 2.1.0",
|
||||
"GlobalProtect App 2.1",
|
||||
"GlobalProtect App 2.0.5",
|
||||
"GlobalProtect App 2.0.4",
|
||||
"GlobalProtect App 2.0.3",
|
||||
"GlobalProtect App 2.0.2",
|
||||
"GlobalProtect App 2.0.1",
|
||||
"GlobalProtect App 2.0.0",
|
||||
"GlobalProtect App 2.0",
|
||||
"GlobalProtect App 1.2.11",
|
||||
"GlobalProtect App 1.2.10",
|
||||
"GlobalProtect App 1.2.9",
|
||||
"GlobalProtect App 1.2.8",
|
||||
"GlobalProtect App 1.2.7",
|
||||
"GlobalProtect App 1.2.6",
|
||||
"GlobalProtect App 1.2.5",
|
||||
"GlobalProtect App 1.2.4",
|
||||
"GlobalProtect App 1.2.3",
|
||||
"GlobalProtect App 1.2.2",
|
||||
"GlobalProtect App 1.2.1",
|
||||
"GlobalProtect App 1.2.0",
|
||||
"GlobalProtect App 1.2",
|
||||
"GlobalProtect App 1.1.8",
|
||||
"GlobalProtect App 1.1.7",
|
||||
"GlobalProtect App 1.1.6",
|
||||
"GlobalProtect App 1.1.5",
|
||||
"GlobalProtect App 1.1.4",
|
||||
"GlobalProtect App 1.1.3",
|
||||
"GlobalProtect App 1.1.2",
|
||||
"GlobalProtect App 1.1.1",
|
||||
"GlobalProtect App 1.1.0",
|
||||
"GlobalProtect App 1.1",
|
||||
"GlobalProtect App 1.0.8",
|
||||
"GlobalProtect App 1.0.7",
|
||||
"GlobalProtect App 1.0.5",
|
||||
"GlobalProtect App 1.0.3",
|
||||
"GlobalProtect App 1.0.1",
|
||||
"GlobalProtect App 1.0"
|
||||
]
|
||||
}
|
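Review bot: The 5.2 branch is given an affected range (`"version_affected": "<="`, `"version_value": "5.2.7"`) but, unlike 5.1 and 5.3, has no matching unaffected entry, and the `solution` text names only 5.1.10 and 5.3.2. A reader cannot tell from the record which 5.2 release, if any, carries the fix. If 5.2.8 is in fact fixed, add `{"platform": "Linux", "version_affected": "!>", "version_name": "5.2", "version_value": "5.2.7"}` and name that release in `solution`; otherwise state that 5.2 users must move to 5.3.2. The description says the exposed hashes are enough to authenticate as the user, so the `solution` could also advise changing any password that was saved on an affected version, because securing the file on the next launch does not invalidate a hash that was already read.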
@ -1,18 +1,143 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@paloaltonetworks.com",
|
||||
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
|
||||
"ID": "CVE-2022-0020",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cortex XSOAR",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!",
|
||||
"version_name": "6.5.0",
|
||||
"version_value": "all"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_name": "6.1.0",
|
||||
"version_value": "all"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "6.2.0",
|
||||
"version_value": "1958888"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_name": "6.2.0",
|
||||
"version_value": "1958888"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Palo Alto Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks thanks Ömür Uğur of Türk Telekom for discovering and reporting this issue."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations.\n\nThis issue impacts:\nAll builds of Cortex XSOAR 6.1.0;\nCortex XSOAR 6.2.0 builds earlier than build 1958888."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
|
||||
}
|
||||
],
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.8,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79 Cross-site Scripting (XSS)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2022-0020"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue is fixed in Cortex XSOAR 6.2.0 build 1958888 and all later Cortex XSOAR versions."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"defect": [
|
||||
"PDV-2194"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"timeline": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"time": "2022-02-09T16:00:00.000Z",
|
||||
"value": "Initial publication"
|
||||
}
|
||||
],
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "There are no known workarounds for this issue."
|
||||
}
|
||||
],
|
||||
"x_advisoryEoL": false,
|
||||
"x_affectedList": [
|
||||
"Cortex XSOAR 6.2.0",
|
||||
"Cortex XSOAR 6.2",
|
||||
"Cortex XSOAR 6.1.0",
|
||||
"Cortex XSOAR 6.1"
|
||||
]
|
||||
}
|
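Review bot: The `solution` value gives no remediation path for 6.1.0, although `version_data` marks every 6.1.0 build as affected (`"="`, `"all"`) and the only fix named is a 6.2.0 build. Whether a fixed 6.1.0 build exists is not shown here, so the text should say so explicitly, for example `"This issue is fixed in Cortex XSOAR 6.2.0 build 1958888 and all later Cortex XSOAR versions; Cortex XSOAR 6.1.0 deployments must upgrade to one of these."`. Separately, the `timeline` entry gives `2022-02-09T16:00:00.000Z` while `DATE_PUBLIC` is `2022-02-09T17:00:00.000Z`; the two should agree on the publication time.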
@ -1,18 +1,260 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@paloaltonetworks.com",
|
||||
"DATE_PUBLIC": "2022-02-09T17:00:00.000Z",
|
||||
"ID": "CVE-2022-0021",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "GlobalProtect App",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"platform": "Windows",
|
||||
"version_affected": "<",
|
||||
"version_name": "5.2",
|
||||
"version_value": "5.2.9"
|
||||
},
|
||||
{
|
||||
"platform": "Windows",
|
||||
"version_affected": "!>=",
|
||||
"version_name": "5.2",
|
||||
"version_value": "5.2.9"
|
||||
},
|
||||
{
|
||||
"version_affected": "!",
|
||||
"version_name": "5.1",
|
||||
"version_value": "5.1.*"
|
||||
},
|
||||
{
|
||||
"version_affected": "!",
|
||||
"version_name": "5.3",
|
||||
"version_value": "5.3.*"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Palo Alto Networks"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"configuration": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."
|
||||
}
|
||||
],
|
||||
"credit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue was found by Rutger Truyers of Palo Alto Networks during internal security review."
|
||||
}
|
||||
],
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature.\n\n\nThis issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows.\n\nThis issue does not affect the GlobalProtect app on other platforms."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
|
||||
}
|
||||
],
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "LOCAL",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 3.3,
|
||||
"baseSeverity": "LOW",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-532 Information Exposure Through Log Files"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2022-0021"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and all later GlobalProtect app versions."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"defect": [
|
||||
"GPC-13888"
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
},
|
||||
"timeline": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"time": "2022-02-09T17:00:00.000Z",
|
||||
"value": "Initial publication"
|
||||
}
|
||||
],
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "There are no known workarounds for this issue."
|
||||
}
|
||||
],
|
||||
"x_advisoryEoL": true,
|
||||
"x_affectedList": [
|
||||
"GlobalProtect App 5.2.8",
|
||||
"GlobalProtect App 5.2.7",
|
||||
"GlobalProtect App 5.2.6",
|
||||
"GlobalProtect App 5.2.5",
|
||||
"GlobalProtect App 5.2.4",
|
||||
"GlobalProtect App 5.2.3",
|
||||
"GlobalProtect App 5.2.2",
|
||||
"GlobalProtect App 5.2.1",
|
||||
"GlobalProtect App 5.2.0",
|
||||
"GlobalProtect App 5.2"
|
||||
],
|
||||
"x_likelyAffectedList": [
|
||||
"GlobalProtect App 5.0.10",
|
||||
"GlobalProtect App 5.0.9",
|
||||
"GlobalProtect App 5.0.8",
|
||||
"GlobalProtect App 5.0.7",
|
||||
"GlobalProtect App 5.0.6",
|
||||
"GlobalProtect App 5.0.5",
|
||||
"GlobalProtect App 5.0.4",
|
||||
"GlobalProtect App 5.0.3",
|
||||
"GlobalProtect App 5.0.2",
|
||||
"GlobalProtect App 5.0.1",
|
||||
"GlobalProtect App 5.0.0",
|
||||
"GlobalProtect App 5.0",
|
||||
"GlobalProtect App 4.1.13",
|
||||
"GlobalProtect App 4.1.12",
|
||||
"GlobalProtect App 4.1.11",
|
||||
"GlobalProtect App 4.1.10",
|
||||
"GlobalProtect App 4.1.9",
|
||||
"GlobalProtect App 4.1.8",
|
||||
"GlobalProtect App 4.1.7",
|
||||
"GlobalProtect App 4.1.6",
|
||||
"GlobalProtect App 4.1.5",
|
||||
"GlobalProtect App 4.1.4",
|
||||
"GlobalProtect App 4.1.3",
|
||||
"GlobalProtect App 4.1.2",
|
||||
"GlobalProtect App 4.1.1",
|
||||
"GlobalProtect App 4.1.0",
|
||||
"GlobalProtect App 4.1",
|
||||
"GlobalProtect App 4.0.8",
|
||||
"GlobalProtect App 4.0.7",
|
||||
"GlobalProtect App 4.0.6",
|
||||
"GlobalProtect App 4.0.5",
|
||||
"GlobalProtect App 4.0.4",
|
||||
"GlobalProtect App 4.0.3",
|
||||
"GlobalProtect App 4.0.2",
|
||||
"GlobalProtect App 4.0.0",
|
||||
"GlobalProtect App 4.0",
|
||||
"GlobalProtect App 3.1.6",
|
||||
"GlobalProtect App 3.1.5",
|
||||
"GlobalProtect App 3.1.4",
|
||||
"GlobalProtect App 3.1.3",
|
||||
"GlobalProtect App 3.1.1",
|
||||
"GlobalProtect App 3.1.0",
|
||||
"GlobalProtect App 3.1",
|
||||
"GlobalProtect App 3.0.3",
|
||||
"GlobalProtect App 3.0.2",
|
||||
"GlobalProtect App 3.0.1",
|
||||
"GlobalProtect App 3.0.0",
|
||||
"GlobalProtect App 3.0",
|
||||
"GlobalProtect App 2.3.5",
|
||||
"GlobalProtect App 2.3.4",
|
||||
"GlobalProtect App 2.3.3",
|
||||
"GlobalProtect App 2.3.2",
|
||||
"GlobalProtect App 2.3.1",
|
||||
"GlobalProtect App 2.3.0",
|
||||
"GlobalProtect App 2.3",
|
||||
"GlobalProtect App 2.2.2",
|
||||
"GlobalProtect App 2.2.1",
|
||||
"GlobalProtect App 2.2.0",
|
||||
"GlobalProtect App 2.2",
|
||||
"GlobalProtect App 2.1.4",
|
||||
"GlobalProtect App 2.1.3",
|
||||
"GlobalProtect App 2.1.2",
|
||||
"GlobalProtect App 2.1.1",
|
||||
"GlobalProtect App 2.1.0",
|
||||
"GlobalProtect App 2.1",
|
||||
"GlobalProtect App 2.0.5",
|
||||
"GlobalProtect App 2.0.4",
|
||||
"GlobalProtect App 2.0.3",
|
||||
"GlobalProtect App 2.0.2",
|
||||
"GlobalProtect App 2.0.1",
|
||||
"GlobalProtect App 2.0.0",
|
||||
"GlobalProtect App 2.0",
|
||||
"GlobalProtect App 1.2.11",
|
||||
"GlobalProtect App 1.2.10",
|
||||
"GlobalProtect App 1.2.9",
|
||||
"GlobalProtect App 1.2.8",
|
||||
"GlobalProtect App 1.2.7",
|
||||
"GlobalProtect App 1.2.6",
|
||||
"GlobalProtect App 1.2.5",
|
||||
"GlobalProtect App 1.2.4",
|
||||
"GlobalProtect App 1.2.3",
|
||||
"GlobalProtect App 1.2.2",
|
||||
"GlobalProtect App 1.2.1",
|
||||
"GlobalProtect App 1.2.0",
|
||||
"GlobalProtect App 1.2",
|
||||
"GlobalProtect App 1.1.8",
|
||||
"GlobalProtect App 1.1.7",
|
||||
"GlobalProtect App 1.1.6",
|
||||
"GlobalProtect App 1.1.5",
|
||||
"GlobalProtect App 1.1.4",
|
||||
"GlobalProtect App 1.1.3",
|
||||
"GlobalProtect App 1.1.2",
|
||||
"GlobalProtect App 1.1.1",
|
||||
"GlobalProtect App 1.1.0",
|
||||
"GlobalProtect App 1.1",
|
||||
"GlobalProtect App 1.0.8",
|
||||
"GlobalProtect App 1.0.7",
|
||||
"GlobalProtect App 1.0.5",
|
||||
"GlobalProtect App 1.0.3",
|
||||
"GlobalProtect App 1.0.1",
|
||||
"GlobalProtect App 1.0"
|
||||
]
|
||||
}
|
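Review bot: The `solution` value covers only the upgrade to 5.2.9 and does not say what happens to cleartext credentials that affected versions already wrote to the log. The CVE-2022-0019 record in this same commit does state that existing files are secured when the fixed app launches, so the omission here leaves the clean-up step unclear. If the upgrade does not scrub old log entries, I would extend the text with something like `"After upgrading, remove GlobalProtect app logs and any collected log bundles written by affected versions, and change the passwords of users who authenticated with Connect Before Logon."`. A single `"confidentialityImpact": "LOW"` rating for cleartext credentials may also deserve a short justification in the description.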
||||
|