CVE-2020-1976

CVE

Medium

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to …

CVSS

5.5

Medium

EPSS

0.00

p19

Published

2020-01-01

Updated

2020-01-01

Description

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS.

Tags · CWE

CWE-642

CAPEC-21

CAPEC-31

Affected products

Globalprotect 5.0–5.0.5

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

2020-01-01

Published

2020-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.003 · p19

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1134Access Token Manipulation

└ via CAPEC-21 · CWE-642

T1528Steal Application Access Token

└ via CAPEC-21 · CWE-642

T1539Steal Web Session Cookie

└ via CAPEC-21 · CWE-642

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Paloaltonetworks

Globalprotect

Product	Vendor	Status
globalprotect	*	Tracked

Source databases

CVE

Related vulnerabilities

BDU:2020-03299