CVE-2020-1987

An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.

Published: Apr 8, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-1987
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.3
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
paloaltonetworks / globalprotect	5.0	5.0.9
paloaltonetworks / globalprotect	5.1	5.1.1

https://security.paloaltonetworks.com/CVE-2020-1987

Vulnerability Database

289,599

CVE-2020-1987