vulnerability

PAN-OS: GlobalProtect registration open redirect

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	May 13, 2020	Jun 18, 2020	Oct 5, 2020

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

May 13, 2020

Added

Jun 18, 2020

Modified

Oct 5, 2020

Description

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14.

Solutions

palo-alto-networks-pan-os-upgrade-7-1palo-alto-networks-pan-os-upgrade-8-0

References

CVE-2020-1997
https://attackerkb.com/topics/CVE-2020-1997
URL-https://security.paloaltonetworks.com/CVE-2020-1997

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today