CVE-2020-1987
Last modified
CVE-2020-1987 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Globalprotect | >= 5.0, < 5.0.9 |
| Paloaltonetworks | Globalprotect | >= 5.1, < 5.1.1 |
References
- https://security.paloaltonetworks.com/CVE-2020-1987Vendor Advisory
- https://security.paloaltonetworks.com/CVE-2020-1987Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-1987?
How severe is CVE-2020-1987?
How do I fix CVE-2020-1987?
Are you affected by CVE-2020-1987?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST