CVE-2020-1987
Description
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to Dump. This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.
Risk Information
Base Score
3.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.046
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-1987,CVE-2020-2004 are affected in Global Protect (Microsoft Store) 5.1.0 | Windows |
| Vulnerabilities CVE-2020-1987 ,CVE-2020-2004 are affected in globalprotect 5.1.0 | NCM |
| Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1987) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234