Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for GlobalProtect by Palo Alto Networks

    CVE-2020-1976 (GCVE-0-2020-1976)

    Vulnerability from nvd – Published: 2020-02-12 22:57 – Updated: 2024-09-17 01:51
    VLAI
    Title
    GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.
    Summary
    A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.
    CWE
    • CWE-642 - External Control of Critical State Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks GlobalProtect Affected: 5.0 , ≤ 5.0.5 (custom)
    Create a notification for this product.
    Date Public
    2020-02-12 00:00
    Credits
    This issue was discovered during a security test performed in collaboration with IOActive.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.347Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2020-1976"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Mac OS"
              ],
              "product": "GlobalProtect",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "5.0.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered during a security test performed in collaboration with IOActive."
            }
          ],
          "datePublic": "2020-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-642",
                  "description": "CWE-642 External Control of Critical State Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-12T22:57:08.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2020-1976"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
            }
          ],
          "source": {
            "defect": [
              "GPC-9616"
            ],
            "discovery": "INTERNAL"
          },
          "title": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.",
          "workarounds": [
            {
              "lang": "en",
              "value": "n/a"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
              "ID": "CVE-2020-1976",
              "STATE": "PUBLIC",
              "TITLE": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GlobalProtect",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Mac OS",
                                "version_affected": "\u003c=",
                                "version_name": "5.0",
                                "version_value": "5.0.5"
                              },
                              {
                                "platform": "Mac OS",
                                "version_affected": "!\u003e=",
                                "version_name": "5.0",
                                "version_value": "5.0.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Palo Alto Networks"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was discovered during a security test performed in collaboration with IOActive."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-642 External Control of Critical State Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2020-1976",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2020-1976"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
              }
            ],
            "source": {
              "defect": [
                "GPC-9616"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "n/a"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2020-1976",
        "datePublished": "2020-02-12T22:57:08.144Z",
        "dateReserved": "2019-12-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:07.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1976 (GCVE-0-2020-1976)

    Vulnerability from cvelistv5 – Published: 2020-02-12 22:57 – Updated: 2024-09-17 01:51
    VLAI
    Title
    GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.
    Summary
    A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.
    CWE
    • CWE-642 - External Control of Critical State Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Palo Alto Networks GlobalProtect Affected: 5.0 , ≤ 5.0.5 (custom)
    Create a notification for this product.
    Date Public
    2020-02-12 00:00
    Credits
    This issue was discovered during a security test performed in collaboration with IOActive.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.347Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2020-1976"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Mac OS"
              ],
              "product": "GlobalProtect",
              "vendor": "Palo Alto Networks",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "5.0.6",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.0.5",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered during a security test performed in collaboration with IOActive."
            }
          ],
          "datePublic": "2020-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-642",
                  "description": "CWE-642 External Control of Critical State Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-12T22:57:08.000Z",
            "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
            "shortName": "palo_alto"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.paloaltonetworks.com/CVE-2020-1976"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
            }
          ],
          "source": {
            "defect": [
              "GPC-9616"
            ],
            "discovery": "INTERNAL"
          },
          "title": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.",
          "workarounds": [
            {
              "lang": "en",
              "value": "n/a"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@paloaltonetworks.com",
              "DATE_PUBLIC": "2020-02-12T17:00:00.000Z",
              "ID": "CVE-2020-1976",
              "STATE": "PUBLIC",
              "TITLE": "GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GlobalProtect",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Mac OS",
                                "version_affected": "\u003c=",
                                "version_name": "5.0",
                                "version_value": "5.0.5"
                              },
                              {
                                "platform": "Mac OS",
                                "version_affected": "!\u003e=",
                                "version_name": "5.0",
                                "version_value": "5.0.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Palo Alto Networks"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This issue was discovered during a security test performed in collaboration with IOActive."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-642 External Control of Critical State Data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.paloaltonetworks.com/CVE-2020-1976",
                  "refsource": "MISC",
                  "url": "https://security.paloaltonetworks.com/CVE-2020-1976"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions."
              }
            ],
            "source": {
              "defect": [
                "GPC-9616"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "n/a"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "assignerShortName": "palo_alto",
        "cveId": "CVE-2020-1976",
        "datePublished": "2020-02-12T22:57:08.144Z",
        "dateReserved": "2019-12-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:07.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }