How severe is CVE-2022-0016?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2022-0016?

This is classified as CWE-703, which is a common weakness in software security.

CVE-2022-0016 - HIGH Severity | CVSS 7.8

Vulnerability Description

An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.

Related Vulnerabilities

CVE-2018-5463

HIGH

CVSS:7.8(High)

A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution.

CWE-7032018

CVE-2019-11245

HIGH

CVSS:7.8(High)

In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If...

CWE-7032019

CVE-2022-22265

HIGH

CVSS:7.8(High)

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

CWE-7032022

CVE-2023-0204

HIGH

CVSS:7.7(High)

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial ...

CWE-7032023

CVE-2017-16014

HIGH

CVSS:7.5(High)

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.

CWE-7032017

CVE-2018-12551

HIGH

CVSS:8.1(High)

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means ...

CWE-7032018