CVE-2024-5908

EPSS 0.32%
Veröffentlicht 12.06.2024 17:15:53
Zuletzt bearbeitet 21.11.2024 09:48:33
Quelle psirt@paloaltonetworks.com
CVE-Watchlists
Login
Unerledigt
Login

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Globalprotect Version >= 5.1 < 5.1.12

Paloaltonetworks ≫ Globalprotect Version >= 6.0 < 6.0.8

Paloaltonetworks ≫ Globalprotect Version >= 6.1 < 6.1.3

Paloaltonetworks ≫ Globalprotect Version >= 6.2 < 6.2.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.548

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@paloaltonetworks.com	5.5	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://security.paloaltonetworks.com/CVE-2024-5908

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5908

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5908

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5908

EUVD