Man-in-the-middle Vulnerability in GlobalProtect (PAN-SA-2012-0018)

Last revised: 10/22/2012

Summary

A vulnerability exists in NetConnect (all version) and GlobalPortect (1.1.6 and earlier) whereby the agent does not verify the certificate presented by the portal server, enabling a possible Man-in-the-middle attack.

Severity: High

This vulnerability can result in an agent connecting to an attacker-controlled server allowing the attacker to receive the username and password of the affected user.

Products Affected

NetConnect (all versions); GlobalProtect (1.1.6 and earlier).

Available Updates

GlobalProtect 1.1.7 and later; NetConnect is discontinued.

Workarounds and Mitigations

No mitigations available.

Acknowledgements

N/A