QwikSec

Security Database

CVE

CWE

Training

CVE-2019-1573

Published: Apr 9, 2019

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.1

2.5

LOW

Description

GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.

Vendor	Product	Versions
Palo Alto Networks	GlobalProtect Agent	affected `4.1 - <= 4.1.0`
Palo Alto Networks	GlobalProtect Agent	unaffected `4.1.11 - < 4.1*`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_BID

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005

x_refsource_CONFIRM

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783

x_refsource_CONFIRM

https://security.paloaltonetworks.com/CVE-2019-1573

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.