CVE-2024-5908: GlobalProtect App: Encrypted Credential Exposure via Log Files
First published: Wed Jun 12 2024(Updated: )
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs.
Credit: psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Palo Alto Networks GlobalProtect UWP App | >=5.1<5.1.12 | |
| Palo Alto Networks GlobalProtect UWP App | >=6.0<6.0.8 | |
| Palo Alto Networks GlobalProtect UWP App | >=6.1<6.1.3 | |
| Palo Alto Networks GlobalProtect UWP App | >=6.2<6.2.3 |
Remedy
This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.3, GlobalProtect app 6.2.3, and all later GlobalProtect app versions. Customers looking to protect against the impact of this encrypted password disclosure should first delete PanGPS.log files from the GlobalProtect installation directory on all endpoints and then force a rotation of user passwords that are used to connect to GlobalProtect.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-5908?
CVE-2024-5908 has been rated with a medium severity level due to the potential exposure of sensitive information.
How do I fix CVE-2024-5908?
To remediate CVE-2024-5908, upgrade the Palo Alto Networks GlobalProtect app to version 5.1.12 or newer, or version 6.0.8 or newer, or version 6.1.3 or newer, or version 6.2.3 or newer.
What are the potential consequences of CVE-2024-5908?
The consequences of CVE-2024-5908 include unauthorized access to encrypted user credentials due to their exposure in application logs.
Which versions of Palo Alto Networks GlobalProtect are affected by CVE-2024-5908?
CVE-2024-5908 affects Palo Alto Networks GlobalProtect versions prior to 5.1.12, 6.0.8, 6.1.3, and 6.2.3.
Is there a workaround for CVE-2024-5908?
There is currently no documented workaround for CVE-2024-5908 other than applying the latest software updates.
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/paloaltonetworks
- canonical/palo alto networks globalprotect uwp app
- version/palo alto networks globalprotect uwp app/5.1
- version/palo alto networks globalprotect uwp app/6.0
- version/palo alto networks globalprotect uwp app/6.1
- version/palo alto networks globalprotect uwp app/6.2