Vulnerability DatabaseCVE-2020-2004

CVE-2020-2004:
Palo Alto Networks GlobalProtect Agent vulnerability analysis and mitigation

Overview

CVE-2020-2004 affects the GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows, where user passwords may be logged in cleartext in the PanGPS.log diagnostic file under specific conditions. The vulnerability was discovered internally by Palo Alto Networks and disclosed on May 13, 2020. The affected versions include GlobalProtect app 5.0 versions earlier than 5.0.9 and GlobalProtect app 5.1 versions earlier than 5.1.2 on Windows or MacOS platforms (Palo Alto Advisory).

Technical details

The vulnerability occurs when three specific conditions are met: (1) 'Save User Credential' option is set to 'Yes' in the GlobalProtect Portal's Agent configuration, (2) the GlobalProtect user manually selects a gateway, and (3) the logging level is set to 'Dump' while collecting troubleshooting logs. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.8 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L. The weakness is classified as CWE-534 (Information Exposure Through Debug Log Files) (Palo Alto Advisory).

Impact

The vulnerability could lead to exposure of user credentials in cleartext within the PanGPS.log diagnostic file. While the GlobalProtectLogs zip files were only accessible by authorized personnel with valid Palo Alto Networks credentials, the exposure of passwords in log files presents a security risk. Palo Alto Networks has confirmed they have no evidence of malicious access or use of these credentials (Palo Alto Advisory).

Mitigation and workarounds

Multiple mitigation options are available: 1) Do not set the 'Logging Level' option to 'Dump' while collecting troubleshooting logs (the issue does not occur when set to 'Debug'), 2) Set the 'Save User Credential' option to 'No' in the GlobalProtect Portal's Agent configuration, or 3) Use Single-Sign-On (SSO) feature instead of the 'Save User Credential' option. The vulnerability has been fixed in GlobalProtect app versions 5.0.9, 5.1.2, and all later versions (Palo Alto Advisory).

Additional resources

Source: This report was generated using AI

Related Palo Alto Networks GlobalProtect Agent vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-4232	HIGH	8.5	Palo Alto Networks GlobalProtect Agent	cpe:2.3:a:paloaltonetworks:globalprotect	No	Yes	Jun 13, 2025
CVE-2025-0120	HIGH	7.1	Palo Alto Networks GlobalProtect Agent	cpe:2.3:a:paloaltonetworks:globalprotect	No	Yes	Apr 11, 2025
CVE-2025-0118	MEDIUM	6	Palo Alto Networks GlobalProtect Agent	cpe:2.3:a:paloaltonetworks:globalprotect	No	Yes	Mar 12, 2025
CVE-2025-0135	MEDIUM	5.2	Palo Alto Networks GlobalProtect Agent	cpe:2.3:a:paloaltonetworks:globalprotect	No	Yes	May 14, 2025
CVE-2025-4227	LOW	1	Palo Alto Networks GlobalProtect Agent	cpe:2.3:a:paloaltonetworks:globalprotect	No	Yes	Jun 13, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2020-2004: Palo Alto Networks GlobalProtect Agent vulnerability analysis and mitigation