CVE-2019-1573

Опубликовано: 09 апр. 2019

Источник: nvd

CVSS3: 2.5

CVSS2: 1.9

EPSS Низкий

Описание

GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.

Ссылки

http://www.securityfocus.com/bid/107868
Third Party Advisory
VDB Entry
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005
Third Party Advisory
https://security.paloaltonetworks.com/CVE-2019-1573
Vendor Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783
Third Party Advisory
https://www.kb.cert.org/vuls/id/192371
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/107868
Third Party Advisory
VDB Entry
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005
Third Party Advisory
https://security.paloaltonetworks.com/CVE-2019-1573
Vendor Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783
Third Party Advisory
https://www.kb.cert.org/vuls/id/192371
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*

Версия до 4.1.0 (включая)

cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*

Версия до 4.1.10 (включая)

EPSS

Процентиль: 47%

0.00245

Низкий

2.5 Low

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-226

CWE-311

Связанные уязвимости

GHSA-2xxh-hp4f-fg97

CVSS3: 2.5

github

больше 3 лет назад

BDU:2019-01830

CVSS3: 9.8

fstec

почти 7 лет назад

Уязвимость VPN-приложения GlobalProtect Agent, связанная с недостатками процедуры аутентификации, позволяющая нарушителю подделать VPN-сеанс и получить доступ от имени пользователя