CVE-2020-1987
LOWGlobalProtect 5.0-5.0.8 - Authenticated VPN Cookie Exposure via Troubleshooting Log Level
Title source: llmDescription
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2020-1987
Scores
CVSS v3
3.9
EPSS
0.0029
EPSS Percentile
20.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-200
CWE-532
Status
published
Products (1)
paloaltonetworks/globalprotect
5.0 - 5.0.9
Published
Apr 08, 2020
Tracked Since
Feb 18, 2026