vulnerability

Palo Alto Networks GlobalProtect App: CVE-2024-5908: Encrypted Credential Exposure via Log Files

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Jun 12, 2024	May 21, 2025	Jun 12, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Jun 12, 2024

Added

May 21, 2025

Modified

Jun 12, 2025

Description

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs.

Solution

palo-alto-networks-globalprotect-app-upgrade-latest

References

CVE-2024-5908
https://attackerkb.com/topics/CVE-2024-5908
URL-https://security.paloaltonetworks.com/json/CVE-2024-5908

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today