Описание
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-1573
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005
- https://security.paloaltonetworks.com/CVE-2019-1573
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783
- https://www.kb.cert.org/vuls/id/192371
- http://www.securityfocus.com/bid/107868
Связанные уязвимости
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.
Уязвимость VPN-приложения GlobalProtect Agent, связанная с недостатками процедуры аутентификации, позволяющая нарушителю подделать VPN-сеанс и получить доступ от имени пользователя