CVE-2024-5908

{"id": "CVE-2024-5908", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "USER", "baseScore": 5.5, "automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-06-12T17:15:53.253", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5908", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://security.paloaltonetworks.com/CVE-2024-5908", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs."}, {"lang": "es", "value": "Un problema con la aplicaci\u00f3n Palo Alto Networks GlobalProtect puede provocar la exposici\u00f3n de las credenciales de usuario cifradas, utilizadas para conectarse a GlobalProtect, en los registros de la aplicaci\u00f3n. Normalmente, estos registros de aplicaciones solo son visibles para usuarios locales y se incluyen al generar registros para solucionar problemas. Esto significa que estas credenciales cifradas est\u00e1n expuestas a los destinatarios de los registros de la aplicaci\u00f3n."}], "lastModified": "2024-11-21T09:48:33.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E575C68-D93F-4C48-9F6F-2448581BEF43", "versionEndExcluding": "5.1.12", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5557AF19-F260-4764-9263-CD2EEC5EB659", "versionEndExcluding": "6.0.8", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2839949C-D855-48F5-8B46-CCA9DFECE25D", "versionEndExcluding": "6.1.3", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3F3AC34-AB9B-485D-B0F8-67F673D1D4CC", "versionEndExcluding": "6.2.3", "versionStartIncluding": "6.2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}