This video discusses the latest CVE for Globalprotect, unlike other videos there is no fix demonstrated in this one due to two things,

1) The main fix from Palo Alto is to use version 6.2.6 as this is unaffected
2) When I tried the second workaround from Palo Alto I was unable to demonstrate as I had a technical issue with my lab meaning that I could not enable FIPS-CC Mode on Globalprotect.

Essentially this CVE is centered on certificate validation, or the lack of in some versions of Globalprotect allowing a local malicious user to connect GP to malicious servers and then install Malicious Root CA Certs on the affected device, while this is obviously a serious security concern a lot of things would need to happen for our malicious actor to be in a position to exploit the vulnerability, and I would also argue that at that point they would have control of the device and could effect their attack in other easier ways.

That said, I am trying to cover CVE's as they come out in my own way so the video was made and here it is enjoy!

I will keep watching this one to see if there is another video I can make providing more fix info.

свернуть