Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1988

An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;

Published

2020-04-08T19:15:13.917

Last Modified

2024-11-21T05:11:47.710

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-428
Type: Primary
CWE-428

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	paloaltonetworks	globalprotect	< 4.1.13	Yes
Application	paloaltonetworks	globalprotect	< 5.0.5	Yes

References

https://security.paloaltonetworks.com/CVE-2020-1988 Vendor Advisory ([email protected])
https://security.paloaltonetworks.com/CVE-2020-1988 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)