CVE-2020-2004 is a vulnerability in Palo Alto Networks Globalprotect
Published on May 13, 2020
GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs
Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) 'Save User Credential' option should be set to 'Yes' in the GlobalProtect Portal's Agent configuration, (2) the GlobalProtect user manually selects a gateway, (3) and the logging level is set to 'Dump' while collecting troubleshooting logs. This issue does not affect GlobalProtect app on other platforms (for example iOS/Android/Linux). This issue affects GlobalProtect app 5.0 versions earlier than 5.0.9, GlobalProtect app 5.1 versions earlier than 5.1.2 on Windows or MacOS. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the known GlobalProtectLogs zip files sent by customers with the credentials. We now filter and remove these credentials from all files sent to Customer Support. The GlobalProtectLogs zip files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials.
Vulnerability Analysis
CVE-2020-2004 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.
Timeline
Initial publication
Weakness Type
DEPRECATED: Information Exposure Through Debug Log Files
This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Products Associated with CVE-2020-2004
Want to know whenever a new CVE is published for Palo Alto Networks Globalprotect? stack.watch will email you.
Affected Versions
Palo Alto Networks GlobalProtect App:- Version 5.0 and below 5.0.9 is affected.
- Version 5.1 and below 5.1.2 is affected.
- Version 5.0.9 and below 5.0* is unaffected.
- Version 5.1.2 and below 5.1* is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.