SB2020061107 - Multiple vulnerabilities in Palo Alto Networks GlobalProtect app 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020061107

SB2020061107 - Multiple vulnerabilities in Palo Alto Networks GlobalProtect app

Published: June 11, 2020 Updated: June 11, 2020

Security Bulletin ID SB2020061107
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2020-2032)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a Time-of-check Time-of-use (TOCTOU) issue during upgrade. An local user can execute arbitrary programs with SYSTEM privileges.


2) Improper Certificate Validation (CVE-ID: CVE-2020-2033)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to a missing certification validation, when the pre-logon feature is enabled. A remote attacker on the local network can perform a MitM attack, disclose the pre-logon authentication cookie and access the GlobalProtect Server as allowed by configured Security rules for the "pre-login" user.


Remediation

Install update from vendor's website.

References