CVE-2024-5908

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-5908	Vendor Advisory
https://security.paloaltonetworks.com/CVE-2024-5908	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:paloaltonetworks:globalprotect::::::::
	cpe:2.3:a:paloaltonetworks:globalprotect::::::::
	cpe:2.3:a:paloaltonetworks:globalprotect::::::::
	cpe:2.3:a:paloaltonetworks:globalprotect::::::::

History

No history.

Information

Published : 2024-06-12 17:15

Updated : 2024-11-21 09:48

NVD link : CVE-2024-5908

Mitre link : CVE-2024-5908

CVE.ORG link : CVE-2024-5908

JSON object : View

Products Affected

paloaltonetworks

globalprotect

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-5908", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "USER", "baseScore": 5.5, "automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-06-12T17:15:53.253", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5908", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}, {"url": "https://security.paloaltonetworks.com/CVE-2024-5908", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs."}, {"lang": "es", "value": "Un problema con la aplicaci\u00f3n Palo Alto Networks GlobalProtect puede provocar la exposici\u00f3n de las credenciales de usuario cifradas, utilizadas para conectarse a GlobalProtect, en los registros de la aplicaci\u00f3n. Normalmente, estos registros de aplicaciones solo son visibles para usuarios locales y se incluyen al generar registros para solucionar problemas. Esto significa que estas credenciales cifradas est\u00e1n expuestas a los destinatarios de los registros de la aplicaci\u00f3n."}], "lastModified": "2024-11-21T09:48:33.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E575C68-D93F-4C48-9F6F-2448581BEF43", "versionEndExcluding": "5.1.12", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5557AF19-F260-4764-9263-CD2EEC5EB659", "versionEndExcluding": "6.0.8", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2839949C-D855-48F5-8B46-CCA9DFECE25D", "versionEndExcluding": "6.1.3", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3F3AC34-AB9B-485D-B0F8-67F673D1D4CC", "versionEndExcluding": "6.2.3", "versionStartIncluding": "6.2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}