Based on their CVSS score, the more serious of the flaws is CVE-2020-2034, which impacts the GlobalProtect portal and allows an unauthenticated attacker with network access to the targeted system to execute arbitrary operating system commands with root permissions.
“An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue,” the vendor said in its advisory.