8.3

CVE-2025-0126

Medienbericht

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.

The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPalo Alto Networks
Produkt Cloud NGFW
Default Statusunaffected
Version All
Status unaffected
HerstellerPalo Alto Networks
Produkt PAN-OS
Default Statusunaffected
Version < 11.2.3
Version 11.2.0
Status affected
Version < 11.1.5
Version 11.1.0
Status affected
Version < 11.0.6
Version 11.0.0
Status affected
Version < 10.2.10-h6
Version 10.2.0
Status affected
Version < 10.1.14-h11
Version 10.1.0
Status affected
HerstellerPalo Alto Networks
Produkt Prisma Access
Default Statusunaffected
Version < 10.2.4-h36
Version 10.2.0
Status affected
Version < 11.2.4-h5
Version 11.2.0
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.186
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@paloaltonetworks.com 8.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.