CVE-2022-0021 - OpenCVE

An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Paloaltonetworks	Globalprotect

Configuration 1 [-]

AND

cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2022-0021

History

No history.

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2022-02-10T18:10:24.695182Z

Updated: 2024-09-16T19:20:33.408Z

Reserved: 2021-12-28T00:00:00

Link: CVE-2022-0021

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-02-10T18:15:08.803

Modified: 2022-02-17T16:01:37.793

Link: CVE-2022-0021

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "GlobalProtect App", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "5.2.9", "status": "unaffected"}], "lessThan": "5.2.9", "status": "affected", "version": "5.2", "versionType": "custom"}]}, {"product": "GlobalProtect App", "vendor": "Palo Alto Networks", "versions": [{"status": "unaffected", "version": "5.1.*"}, {"status": "unaffected", "version": "5.3.*"}]}], "configurations": [{"lang": "en", "value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."}], "credits": [{"lang": "en", "value": "This issue was found by Rutger Truyers of Palo Alto Networks during internal security review."}], "datePublic": "2022-02-09T00:00:00", "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-10T18:10:24", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.paloaltonetworks.com/CVE-2022-0021"}], "solutions": [{"lang": "en", "value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and all later GlobalProtect app versions."}], "source": {"defect": ["GPC-13888"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2022-02-09T00:00:00", "value": "Initial publication"}], "title": "GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon", "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2022-02-09T17:00:00.000Z", "ID": "CVE-2022-0021", "STATE": "PUBLIC", "TITLE": "GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GlobalProtect App", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_name": "5.2", "version_value": "5.2.9"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "5.2", "version_value": "5.2.9"}, {"version_affected": "!", "version_name": "5.1", "version_value": "5.1.*"}, {"version_affected": "!", "version_name": "5.3", "version_value": "5.3.*"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "configuration": [{"lang": "en", "value": "This issue is applicable only to devices configured to use the GlobalProtect Connect Before Logon feature."}], "credit": [{"lang": "eng", "value": "This issue was found by Rutger Truyers of Palo Alto Networks during internal security review."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532 Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "https://security.paloaltonetworks.com/CVE-2022-0021", "refsource": "MISC", "url": "https://security.paloaltonetworks.com/CVE-2022-0021"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in GlobalProtect app 5.2.9 on Windows and all later GlobalProtect app versions."}], "source": {"defect": ["GPC-13888"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2022-02-09T00:00:00", "value": "Initial publication"}], "work_around": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_advisoryEoL": true, "x_affectedList": ["GlobalProtect App 5.2.8", "GlobalProtect App 5.2.7", "GlobalProtect App 5.2.6", "GlobalProtect App 5.2.5", "GlobalProtect App 5.2.4", "GlobalProtect App 5.2.3", "GlobalProtect App 5.2.2", "GlobalProtect App 5.2.1", "GlobalProtect App 5.2.0", "GlobalProtect App 5.2"], "x_likelyAffectedList": ["GlobalProtect App 5.0.10", "GlobalProtect App 5.0.9", "GlobalProtect App 5.0.8", "GlobalProtect App 5.0.7", "GlobalProtect App 5.0.6", "GlobalProtect App 5.0.5", "GlobalProtect App 5.0.4", "GlobalProtect App 5.0.3", "GlobalProtect App 5.0.2", "GlobalProtect App 5.0.1", "GlobalProtect App 5.0.0", "GlobalProtect App 5.0", "GlobalProtect App 4.1.13", "GlobalProtect App 4.1.12", "GlobalProtect App 4.1.11", "GlobalProtect App 4.1.10", "GlobalProtect App 4.1.9", "GlobalProtect App 4.1.8", "GlobalProtect App 4.1.7", "GlobalProtect App 4.1.6", "GlobalProtect App 4.1.5", "GlobalProtect App 4.1.4", "GlobalProtect App 4.1.3", "GlobalProtect App 4.1.2", "GlobalProtect App 4.1.1", "GlobalProtect App 4.1.0", "GlobalProtect App 4.1", "GlobalProtect App 4.0.8", "GlobalProtect App 4.0.7", "GlobalProtect App 4.0.6", "GlobalProtect App 4.0.5", "GlobalProtect App 4.0.4", "GlobalProtect App 4.0.3", "GlobalProtect App 4.0.2", "GlobalProtect App 4.0.0", "GlobalProtect App 4.0", "GlobalProtect App 3.1.6", "GlobalProtect App 3.1.5", "GlobalProtect App 3.1.4", "GlobalProtect App 3.1.3", "GlobalProtect App 3.1.1", "GlobalProtect App 3.1.0", "GlobalProtect App 3.1", "GlobalProtect App 3.0.3", "GlobalProtect App 3.0.2", "GlobalProtect App 3.0.1", "GlobalProtect App 3.0.0", "GlobalProtect App 3.0", "GlobalProtect App 2.3.5", "GlobalProtect App 2.3.4", "GlobalProtect App 2.3.3", "GlobalProtect App 2.3.2", "GlobalProtect App 2.3.1", "GlobalProtect App 2.3.0", "GlobalProtect App 2.3", "GlobalProtect App 2.2.2", "GlobalProtect App 2.2.1", "GlobalProtect App 2.2.0", "GlobalProtect App 2.2", "GlobalProtect App 2.1.4", "GlobalProtect App 2.1.3", "GlobalProtect App 2.1.2", "GlobalProtect App 2.1.1", "GlobalProtect App 2.1.0", "GlobalProtect App 2.1", "GlobalProtect App 2.0.5", "GlobalProtect App 2.0.4", "GlobalProtect App 2.0.3", "GlobalProtect App 2.0.2", "GlobalProtect App 2.0.1", "GlobalProtect App 2.0.0", "GlobalProtect App 2.0", "GlobalProtect App 1.2.11", "GlobalProtect App 1.2.10", "GlobalProtect App 1.2.9", "GlobalProtect App 1.2.8", "GlobalProtect App 1.2.7", "GlobalProtect App 1.2.6", "GlobalProtect App 1.2.5", "GlobalProtect App 1.2.4", "GlobalProtect App 1.2.3", "GlobalProtect App 1.2.2", "GlobalProtect App 1.2.1", "GlobalProtect App 1.2.0", "GlobalProtect App 1.2", "GlobalProtect App 1.1.8", "GlobalProtect App 1.1.7", "GlobalProtect App 1.1.6", "GlobalProtect App 1.1.5", "GlobalProtect App 1.1.4", "GlobalProtect App 1.1.3", "GlobalProtect App 1.1.2", "GlobalProtect App 1.1.1", "GlobalProtect App 1.1.0", "GlobalProtect App 1.1", "GlobalProtect App 1.0.8", "GlobalProtect App 1.0.7", "GlobalProtect App 1.0.5", "GlobalProtect App 1.0.3", "GlobalProtect App 1.0.1", "GlobalProtect App 1.0"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:18:41.334Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2022-0021"}]}]}, "cveMetadata": {"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2022-0021", "datePublished": "2022-02-10T18:10:24.695182Z", "dateReserved": "2021-12-28T00:00:00", "dateUpdated": "2024-09-16T19:20:33.408Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*", "matchCriteriaId": "84B6241D-4456-4DC4-9767-3E608BCA0972", "versionEndExcluding": "5.2.9", "versionStartIncluding": "5.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de exposici\u00f3n de informaci\u00f3n mediante archivos de registro en GlobalProtect app de Palo Alto Networks en Windows que registra las credenciales en texto sin cifrar del usuario de GlobalProtect que es conectado cuando es autenticado usando la funci\u00f3n Connect Before Logon. Este problema afecta a GlobalProtect App versiones 5.2 anteriores a 5.2.9 en Windows. Este problema no afecta a GlobalProtect app en otras plataformas"}], "id": "CVE-2022-0021", "lastModified": "2022-02-17T16:01:37.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2022-02-10T18:15:08.803", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2022-0021"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}