CVE-2022-0018

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

Published: Feb 10, 2022 / Updated: 33mo ago

010
CVSS 6.5EPSS 0.13%Medium
CVE info copied to clipboard

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user's local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2022-0018. See article

Feb 9, 2022 at 5:04 PM / security.paloaltonetworks.com
EPSS

EPSS Score was set to: 0.13% (Percentile: 46.9%)

Sep 21, 2023 at 8:37 PM
Static CVE Timeline Graph

Affected Systems

Paloaltonetworks/globalprotect
+null more

Patches

security.paloaltonetworks.com
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-116: Excavation
+null more

References

CVE-2022-0018 GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled (Severity: MEDIUM)
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login.
Vulnerability Summary for the Week of February 7, 2022
Original release date: February 14, 2022 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info \[gwa\]_autoresponder_project -- \[gwa\]_autoresponder Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions 2022-02-04 7.5 CVE-2021-44779 CONFIRM CONFIRM advantech -- adam-3600_firmware The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. 2022-02-04 7.5 CVE-2022-22987 CONFIRM apache -- gobblin Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions 2022-02-04 7.5 CVE-2021-36152 MISC debian -- perm perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.) 2022-02-05 7.5 CVE-2021-38172 MISC MISC MISC CONFIRM MISC dlink -- di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. 2022-02-04 7.5 CVE-2021-46227 MISC MISC dlink -- di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. 2022-02-04 7.5 CVE-2021-46229 MISC MISC dlink -- di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm.

News

Security Bulletin 16 Feb 2022 - Cyber Security Agency of Singapore
Security Bulletin 16 Feb 2022 Cyber Security Agency of Singapore
Security Bulletin 16 Feb 2022 | #firefox | #chrome | #microsoftedge
CVE Number Description Base Score Reference CVE-2017-9380 OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-9380 CVE-2018-6383 Monstra CMS through 3.0.4 has an incomplete “forbidden types” list that excludes .php... The post Security Bulletin 16 Feb 2022 #firefox #chrome #microsoftedge appeared first on NATIONAL CYBER SECURITY NEWS TODAY .
Security Bulletin 23 Feb 2022 - Cyber Security Agency of Singapore
Security Bulletin 23 Feb 2022 Cyber Security Agency of Singapore
Security Bulletin 23 Feb 2022 - Cyber Security Agency of Singapore
Security Bulletin 23 Feb 2022 Cyber Security Agency of Singapore
Security Bulletin 16 Feb 2022 | #firefox | #chrome | #microsoftedge
CVE Number Description Base Score Reference CVE-2017-9380 OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-9380 CVE-2018-6383 Monstra CMS through 3.0.4 has an incomplete “forbidden types” list that excludes .php... The post Security Bulletin 16 Feb 2022 #firefox #chrome #microsoftedge appeared first on NATIONAL CYBER SECURITY NEWS TODAY .
See 20 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:Required
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI