Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Globalprotect
(Paloaltonetworks)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 32 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-27 | CVE-2024-5921 | An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. Please subscribe to our RSS feed... | Globalprotect | 8.8 | ||
| 2025-03-12 | CVE-2025-0118 | A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other... | Globalprotect | 8.0 | ||
| 2025-04-11 | CVE-2025-0120 | A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit. | Globalprotect | 7.0 | ||
| 2025-05-14 | CVE-2025-0135 | An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected. | Globalprotect | 3.3 | ||
| 2025-06-13 | CVE-2025-4227 | An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel. An attacker with physical access to the network can inject rogue devices to intercept these packets. Under... | Globalprotect | 3.5 | ||
| 2025-06-13 | CVE-2025-4232 | An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root. | Globalprotect | 8.8 | ||
| 2024-05-06 | CVE-2024-3661 | DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | Anyconnect_vpn_client, Secure_client, Secure_access_client, Big\-Ip_access_policy_manager, Forticlient, Globalprotect, Ipsec_mobile_vpn_client, Mobile_vpn_with_ssl, Client_connector | 7.6 | ||
| 2020-02-12 | CVE-2020-1976 | A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS. | Globalprotect | 5.5 | ||
| 2020-04-08 | CVE-2020-1987 | An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1. | Globalprotect | 3.3 | ||
| 2020-04-08 | CVE-2020-1988 | An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows; | Globalprotect | 6.7 |