CVE-2024-5908

UNKNOWN 0.0

GlobalProtect App: Encrypted Credential Exposure via Log Files

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs.

CWE	CWE-532
Vendor	palo alto networks
Product	globalprotect app
Published	Jun 12, 2024
Last Updated	Aug 9, 2024

Stay Ahead of the Next One

Get instant alerts for palo alto networks globalprotect app

Be the first to know when new unknown vulnerabilities affecting palo alto networks globalprotect app are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / GlobalProtect App

5.1.0 < 5.1.12 6.0.0 < 6.0.8 6.1.0 < 6.1.3 6.2.0 < 6.2.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2024-5908

Credits

Palo Alto Networks thanks Denis Faiustov and Ruslan Sayfiev of GMO Cybersecurity by IERAE for discovering and reporting this issue.