Palo Alto GlobalProtect Agent 5.0.x < 5.0.10 / 5.1.x < 5.1.4 Missing Certificate Validation

medium Nessus Plugin ID 137626

Synopsis

A VPN client installed on the remote host is affected by a missing certificate validation vulnerability.

Description

The version of Palo Alto GlobalProtect Agent installed on the remote host is 5.0.x prior to 5.0.10, or 5.1.x prior to 5.1.4. It is, therefore, affected by a missing certificate validation vulnerability. When the pre-logon feature is enabled, missing certificate validation in the Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment who is able to manipulate ARP or conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by the Security rules configured for the 'pre-login' user. This access may be limited compared to the network access of regular users.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Palo Alto GlobalProtect Agent 5.0.10, 5.1.4, or later.

See Also

https://security.paloaltonetworks.com/CVE-2020-2033

Plugin Details

Severity: Medium

ID: 137626

File Name: palo_alto_globalprotect_agent_cve-2020-2033.nasl

Version: 1.3

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 6/18/2020

Updated: 6/3/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.9

Temporal Score: 2.1

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-2033

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:paloaltonetworks:globalprotect

Required KB Items: installed_sw/Palo Alto GlobalProtect Agent

Exploit Ease: No known exploits are available

Patch Publication Date: 6/10/2020

Vulnerability Publication Date: 6/10/2020

Reference Information

CVE: CVE-2020-2033

IAVA: 2020-A-0263-S