GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server.
Add your gear to cvedb and we'll alert you only when globalprotect-openconnect_project ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.