Platform: paloalto
Component: globalprotect-agent
Fixed in: 4.1.11
CVE-2019-1573 is an information disclosure vulnerability affecting Palo Alto Networks GlobalProtect Agent versions 4.1 through 4.1*. An attacker with local access and a compromised user account can inspect memory to retrieve authentication and session tokens. This allows them to potentially replay these tokens and gain unauthorized access to the VPN session as the user.
The primary impact of CVE-2019-1573 is unauthorized access to VPN resources. Successful exploitation allows an attacker to impersonate a legitimate user, bypassing authentication controls. This could lead to data breaches, system compromise, and lateral movement within the network. While the CVSS score is LOW, the potential for privilege escalation and data exfiltration makes this vulnerability a concern, especially in environments with sensitive data or critical infrastructure.
CVE-2019-1573 was publicly disclosed on April 9, 2019. No public proof-of-concept (POC) code has been widely reported. The vulnerability's low CVSS score and lack of public exploits suggest a low probability of active exploitation, but diligent patching remains crucial. It is not listed on the CISA KEV catalog.
Organizations utilizing Palo Alto Networks GlobalProtect Agent for remote access, particularly those with legacy systems or configurations lacking robust access controls, are at risk. Users with elevated privileges or access to sensitive data are especially vulnerable.
• windows / supply-chain:
    # Show the on-disk path of the running agent process
    Get-Process -Name GlobalProtectAgent | Select-Object -ExpandProperty Path
• windows / supply-chain:
    # Get-WinEvent has no -Filter parameter; use -FilterHashtable and match on the event message
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'GlobalProtectAgent'; Id = 1000 } | Where-Object { $_.Message -match 'authentication token' }
• windows / supply-chain: Check Autoruns for unusual entries related to GlobalProtect Agent or its components.
disclosure
Exploit status
EPSS: 0.23% (46th percentile)
CVSS vector
The primary mitigation for CVE-2019-1573 is to upgrade the GlobalProtect Agent to version 4.1* or later. If immediate upgrade is not possible, consider implementing stricter access controls and monitoring for suspicious activity. Review user account permissions and enforce multi-factor authentication (MFA) where feasible. While a direct WAF rule is unlikely, monitor VPN connection logs for unusual patterns or unexpected user activity.
Upgrade GlobalProtect Agent to version 4.1.11 or later. This update fixes the vulnerability that allows an authenticated local attacker to access authentication and/or session tokens.
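One way to check a Windows endpoint against the fixed version 4.1.11 given on this page (an added example, not code from this page or from Palo Alto Networks). It assumes the agent registers a standard uninstall entry whose DisplayName starts with "GlobalProtect"; the function name Test-GpAgentAffected is hypothetical.

```powershell
# Added example. Assumption: the installed agent appears under the standard
# Windows uninstall registry keys with a DisplayName starting "GlobalProtect".
$FixedVersion = [version]'4.1.11'   # "Fixed in" value from this page

function Test-GpAgentAffected {
    param([Parameter(Mandatory)][string]$VersionString)

    # Keep only the leading dotted-numeric part so suffixes such as "-5"
    # or " (build)" do not break the [version] cast.
    if ($VersionString -match '^\d+(\.\d+){1,3}') {
        $v = [version]$Matches[0]
        # Affected branch per this page: 4.1 releases older than the fix.
        return ($v.Major -eq 4 -and $v.Minor -eq 1 -and $v -lt $FixedVersion)
    }
    return $null   # unparseable version string: needs manual review
}

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Emit one record per matching install so results can be exported or
# collected from many hosts.
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'GlobalProtect*' -and $_.DisplayVersion } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Product  = $_.DisplayName
            Version  = $_.DisplayVersion
            Affected = Test-GpAgentAffected -VersionString $_.DisplayVersion
        }
    }
```

An Affected value of $null means the version string could not be parsed and the host should be checked by hand.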
CVE-2019-1573 is a vulnerability in GlobalProtect Agent allowing local attackers to access authentication tokens, potentially enabling VPN session spoofing.
You are affected if you are using GlobalProtect Agent versions 4.1–4.1*. Check your version and upgrade accordingly.
Upgrade to GlobalProtect Agent version 4.1* or later to resolve this information disclosure vulnerability.
While no widespread exploitation has been publicly reported, diligent patching is recommended to prevent potential attacks.
Refer to the Palo Alto Networks Security Advisories page for details: https://www.paloaltonetworks.com/support/security-advisories