First published: Tue Apr 09 2019
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Paloaltonetworks Globalprotect | <=4.1.0 | |
Paloaltonetworks Globalprotect | <=4.1.10 | |
This issue is fixed in GlobalProtect Agent 4.1.1 and later for Windows, and GlobalProtect Agent 4.1.11 and later for macOS.
CVE-2019-1573 is a vulnerability in GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS that allows a local authenticated attacker to access authentication and/or session tokens.
CVE-2019-1573 has a severity rating of low (2.5).
CVE-2019-1573 allows a local authenticated attacker who has compromised the end-user account to inspect memory and access authentication/session tokens, which can be replayed to spoof the VPN session.
Palo Alto Networks has released updates to address this vulnerability. Please refer to their official website for the latest patches.
More information about CVE-2019-1573 is available at the following references: [1] http://www.securityfocus.com/bid/107868, [2] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005, [3] https://security.paloaltonetworks.com/CVE-2019-1573