Platform
paloalto
Component
globalprotect-agent
Fixed in
4.1.11
4.1.11
CVE-2019-1573 is an information disclosure vulnerability affecting Palo Alto Networks GlobalProtect Agent versions 4.1 through 4.1*. An attacker with local access and a compromised user account can inspect memory to retrieve authentication and session tokens. This allows them to potentially replay these tokens and gain unauthorized access to the VPN session as the user.
The primary impact of CVE-2019-1573 is unauthorized access to VPN resources. A successful exploitation allows an attacker to impersonate a legitimate user, bypassing authentication controls. This could lead to data breaches, system compromise, and lateral movement within the network. While the CVSS score is LOW, the potential for privilege escalation and data exfiltration makes this vulnerability a concern, especially in environments with sensitive data or critical infrastructure.
CVE-2019-1573 was publicly disclosed on April 9, 2019. No public proof-of-concept (POC) code has been widely reported. The vulnerability's low CVSS score and lack of public exploits suggest a low probability of active exploitation, but diligent patching remains crucial. It is not listed on the CISA KEV catalog.
Exploit Status
EPSS
0.23% (46% percentile)
CVSS Vector
The primary mitigation for CVE-2019-1573 is to upgrade the GlobalProtect Agent to version 4.1* or later. If immediate upgrade is not possible, consider implementing stricter access controls and monitoring for suspicious activity. Review user account permissions and enforce multi-factor authentication (MFA) where feasible. While a direct WAF rule is unlikely, monitor VPN connection logs for unusual patterns or unexpected user activity.
Update GlobalProtect Agent to version 4.1.11 or later. This update corrects the vulnerability that allows a local authenticated attacker to access authentication and/or session tokens.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2019-1573 is a vulnerability in GlobalProtect Agent allowing local attackers to access authentication tokens, potentially enabling VPN session spoofing.
You are affected if you are using GlobalProtect Agent versions 4.1–4.1*. Check your version and upgrade accordingly.
Upgrade to GlobalProtect Agent version 4.1* or later to resolve this information disclosure vulnerability.
While no widespread exploitation has been publicly reported, diligent patching is recommended to prevent potential attacks.
Refer to the Palo Alto Networks Security Advisories page for details: https://www.paloaltonetworks.com/support/security-advisories
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.