CVE-2012-6606
Palo Alto Networks GlobalProtect < 1.1.7 and NetConnect - Man-in-the-Middle Certificate Spoofing
Title source: llmDescription
Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensitive information via a crafted certificate.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
https://security.paloaltonetworks.com/CVE-2012-6606
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-10/0100.html
Scores
EPSS
0.0023
EPSS Percentile
45.5%
Details
CWE
CWE-310
Status
published
Products (2)
paloaltonetworks/globalprotect
< 1.1.6
paloaltonetworks/netconnect
Published
Aug 31, 2013
Tracked Since
Feb 18, 2026