CVE-2020-1987
LOWPaloaltonetworks Globalprotect < 5.0.9 - Information Disclosure
Title source: ruleDescription
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2020-1987
Scores
CVSS v3
3.9
EPSS
0.0005
EPSS Percentile
13.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-532
CWE-200
Status
published
Products (1)
paloaltonetworks/globalprotect
5.0 - 5.0.9
Published
Apr 08, 2020
Tracked Since
Feb 18, 2026