CVE-2022-0019

Insufficiently Protected Credentials (CWE-522)

Published: Feb 10, 2022 / Updated: 33mo ago

010
CVSS 5.5EPSS 0.04%Medium
CVE info copied to clipboard

An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2022-0019. See article

Feb 9, 2022 at 5:04 PM / security.paloaltonetworks.com
EPSS

EPSS Score was set to: 0.04% (Percentile: 5.7%)

Sep 21, 2023 at 8:37 PM
Static CVE Timeline Graph

Affected Systems

Paloaltonetworks/globalprotect
+null more

Patches

security.paloaltonetworks.com
+null more

Links to Mitre Att&cks

T1558.003: Kerberoasting
+null more

Attack Patterns

CAPEC-102: Session Sidejacking
+null more

References

CVE-2022-0019 GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux (Severity: MEDIUM)
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. This issue is applicable only to GlobalProtect app users that save their user credentials for use when authenticating to a GlobalProtect portal.
Vulnerability Summary for the Week of February 7, 2022
Original release date: February 14, 2022 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info \[gwa\]_autoresponder_project -- \[gwa\]_autoresponder Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions 2022-02-04 7.5 CVE-2021-44779 CONFIRM CONFIRM advantech -- adam-3600_firmware The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. 2022-02-04 7.5 CVE-2022-22987 CONFIRM apache -- gobblin Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions 2022-02-04 7.5 CVE-2021-36152 MISC debian -- perm perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.) 2022-02-05 7.5 CVE-2021-38172 MISC MISC MISC CONFIRM MISC dlink -- di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. 2022-02-04 7.5 CVE-2021-46227 MISC MISC dlink -- di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. 2022-02-04 7.5 CVE-2021-46229 MISC MISC dlink -- di-7200g_v2_firmware D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm.

News

Security Bulletin 16 Feb 2022 - Cyber Security Agency of Singapore
Security Bulletin 16 Feb 2022 Cyber Security Agency of Singapore
Security Bulletin 16 Feb 2022 | #firefox | #chrome | #microsoftedge
CVE Number Description Base Score Reference CVE-2017-9380 OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-9380 CVE-2018-6383 Monstra CMS through 3.0.4 has an incomplete “forbidden types” list that excludes .php... The post Security Bulletin 16 Feb 2022 #firefox #chrome #microsoftedge appeared first on NATIONAL CYBER SECURITY NEWS TODAY .
Security Bulletin 23 Feb 2022 - Cyber Security Agency of Singapore
Security Bulletin 23 Feb 2022 Cyber Security Agency of Singapore
Security Bulletin 23 Feb 2022 - Cyber Security Agency of Singapore
Security Bulletin 23 Feb 2022 Cyber Security Agency of Singapore
Security Bulletin 16 Feb 2022 | #firefox | #chrome | #microsoftedge
CVE Number Description Base Score Reference CVE-2017-9380 OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-9380 CVE-2018-6383 Monstra CMS through 3.0.4 has an incomplete “forbidden types” list that excludes .php... The post Security Bulletin 16 Feb 2022 #firefox #chrome #microsoftedge appeared first on NATIONAL CYBER SECURITY NEWS TODAY .
See 18 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:None
Availability Impact:None

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI