CVE-2022-0019

An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.

CVSS v3 5.5 MEDIUM
CVSS v2.0 1.9 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2022-0019	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:paloaltonetworks:globalprotect::::::::
	cpe:2.3:a:paloaltonetworks:globalprotect::::::::
	cpe:2.3:a:paloaltonetworks:globalprotect::::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-02-10 18:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-0019

Mitre link : CVE-2022-0019

CVE.ORG link : CVE-2022-0019

JSON object : View

Products Affected

linux

linux_kernel

paloaltonetworks

globalprotect

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2022-0019", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2022-02-10T18:15:08.687", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2022-0019", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}, {"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user\u2019s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de credenciales insuficientemente protegidas en GlobalProtect app de Palo Alto Networks en Linux que expone las credenciales con hash de los usuarios de GlobalProtect que guardaron su contrase\u00f1a durante sesiones anteriores de GlobalProtect app a otros usuarios locales del sistema. Las credenciales expuestas permiten a un atacante local autenticarse en el portal o la puerta de enlace de GlobalProtect como el usuario de destino sin conocer la contrase\u00f1a en texto plano del usuario de destino. Este problema afecta: GlobalProtect app 5.1 versiones anteriores a GlobalProtect app 5.1.10 en Linux. GlobalProtect app versiones 5.2 anteriores a GlobalProtect app 5.2.7 en Linux. GlobalProtect app versiones 5.3 anteriores a GlobalProtect app 5.3.2 en Linux. Este problema no afecta a GlobalProtect app en otras plataformas"}], "lastModified": "2022-02-17T15:25:28.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E84FC1F6-58F6-4C67-A8E9-93233865C080", "versionEndExcluding": "5.1.10", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4FEBC14-2794-48FB-B210-5E720254E7B8", "versionEndIncluding": "5.2.7", "versionStartIncluding": "5.2"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3170EC23-3410-43B0-8D72-48297059954A", "versionEndExcluding": "5.3.2", "versionStartIncluding": "5.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@paloaltonetworks.com"}