CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-1988

An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.5%

CVSS Severity

CVSS v3 Score 4.2

CVSS v2 Score 7.2

References

https://security.paloaltonetworks.com/CVE-2020-1988
https://security.paloaltonetworks.com/CVE-2020-1988

Products affected by CVE-2020-1988

Paloaltonetworks » Globalprotect » Version: 4.1.0

cpe:2.3:a:paloaltonetworks:globalprotect:4.1.0
Paloaltonetworks » Globalprotect » Version: 4.1.12

cpe:2.3:a:paloaltonetworks:globalprotect:4.1.12
Paloaltonetworks » Globalprotect » Version: 5.0.0

cpe:2.3:a:paloaltonetworks:globalprotect:5.0.0
Paloaltonetworks » Globalprotect » Version: 5.0.3

cpe:2.3:a:paloaltonetworks:globalprotect:5.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-1988

Products

Pricing

Contact Us