CVE-2020-1976: GlobalProtect on MacOS: Local denial-of-service (DoS) vulnerability.
First published: Wed Feb 12 2020(Updated: )
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.
Credit: psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paloaltonetworks Globalprotect | >=5.0<=5.0.5 |
Remedy
This issue is fixed in GlobalProtect 5.0.6, GlobalProtect 5.1.0, and all later versions.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-1976?
CVE-2020-1976 is a denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS.
Who is affected by CVE-2020-1976?
Authenticated local users running Palo Alto Networks GlobalProtect 5.0.5 and earlier versions on Mac OS are affected by CVE-2020-1976.
How can an attacker exploit CVE-2020-1976?
An attacker can exploit CVE-2020-1976 by causing the Mac OS kernel to hang or crash, resulting in a Denial-of-Service (DoS) condition.
What is the severity of CVE-2020-1976?
CVE-2020-1976 has a severity rating of medium with a CVSS score of 5.5.
How can I mitigate CVE-2020-1976?
To mitigate CVE-2020-1976, it is recommended to update to GlobalProtect version 5.0.6 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/paloaltonetworks
- canonical/paloaltonetworks globalprotect
- version/paloaltonetworks globalprotect/5.0
- version/paloaltonetworks globalprotect/5.0.5