Skip to main content

VPN Applications Unencrypted Store of Session Cookies Vulnerability

Last Update Date: 12 Apr 2019 16:39 Release Date: 12 Apr 2019 4490 Views

RISK: High Risk

TYPE: Operating Systems - Application Platforms

TYPE: Application Platforms

A vulnerability was identified in VPN applications, a remote attacker could exploit this vulnerability to trigger spoofing, disclose sensitive information and bypass security restriction on the targeted system.


Impact

  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing

System / Technologies affected

  • Palo Alto Networks GlobalProtect Agent 4.1.0 and prior versions
  • Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
  • Cisco AnyConnect 4.7.x and prior versions

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

  • The vendor has issued a fix for Palo Alto Application (Palo Alto Networks GlobalProtect version 4.1.1)
  • Notes: No patch is currently available for Cisco product and Pulse Secure product.

     

 


Vulnerability Identifier


Source


Related Link