Description
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
Low
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
Low
Integrity (Subsequent System)
Low
Availability (Subsequent System)
Low
AU
Y
R
Adjacent
V
D
RE
M
U
Amber
Affected products
- Palo Alto Networks / Cloud NGFWAll – All
- Palo Alto Networks / pan-os10.1.0 – 10.1.11
- Palo Alto Networks / pan-os10.2.0 – 10.2.0
- Palo Alto Networks / pan-os11.0.0 – 11.0.0
- Palo Alto Networks / pan-os11.1.0 – 11.1.0
- Palo Alto Networks / pan-os11.2.0 – 11.2.0
- Palo Alto Networks / pan-os9.1.0 – 9.1.17
- Palo Alto Networks / Prisma AccessAll – All