Palo Alto Networks Security Advisories / CVE-2019-1573

CVE-2019-1573 Information Disclosure in GlobalProtect App

Severity 2.5 · LOW
Attack Vector LOCAL
Attack Complexity HIGH
Confidentiality Impact LOW
Privileges Required LOW
Integrity Impact NONE
User Interaction NONE
Availability Impact NONE


An information disclosure vulnerability exists in the GlobalProtect App for Windows and macOS (VU#192371).

Successful exploitation of this issue would allow a local authenticated attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. An attacker should have already compromised the end user account and gained the ability to inspect memory in order to obtain these tokens.

This issue affects GlobalProtect App 4.1.0 for Windows and GlobalProtect App 4.1.10 and earlier for macOS. GlobalProtect App for macOS 5.0 is NOT affected.

Product Status

GlobalProtect App 4.1<= 4.1.0 on Windows, <= 4.1.10 on OS X>= 4.1.1 on Windows, >= 4.1.11 on OS X

Severity: LOW

CVSSv3.1 Base Score: 2.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Weakness Type

CWE-200 Information Exposure


GlobalProtect App 4.1.1 and later for Windows, and GlobalProtect App 4.1.11 and later for macOS.

Workarounds and Mitigations



Update CVSS score to be accurate, since the attack vector is local and an attacker should have already compromised the user machine and have the ability inspect memory.
Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.