How severe is CVE-2020-2033?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2020-2033?

This is classified as CWE-290, which is a common weakness in software security.

CVE-2020-2033 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled.

Related Vulnerabilities

CVE-2019-0388

MEDIUM

CVSS:5.3(Medium)

SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.

CWE-2902019

CVE-2019-18659

MEDIUM

CVSS:5.3(Medium)

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE Sy...

CWE-2902019

CVE-2019-20203

MEDIUM

CVSS:5.3(Medium)

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.

CWE-2902019

CVE-2020-10136

MEDIUM

CVSS:5.3(Medium)

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected beha...

CWE-2902020

CVE-2020-10807

MEDIUM

CVSS:5.3(Medium)

auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.

CWE-2902020

CVE-2020-12272

MEDIUM

CVSS:5.3(Medium)

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing...

CWE-2902020