Palo Alto Networks Security Advisories / CVE-2017-15870

CVE-2017-15870 Global Protect Vulnerability

047910
Severity 6.7 · MEDIUM
Attack Vector LOCAL
Attack Complexity LOW
Privileges Required HIGH
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

Description

An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. (ref # GPC-4401 / CVE-2017-15870)

Successful exploitation requires local administrative privileges.

This issue affects GlobalProtect agent for macOS 4.0.2 and earlier

Product Status

VersionsAffectedUnaffected
GlobalProtect Agent 4.0<= 4.0.2 on OS X>= 4.0.3 on OS X

Severity: MEDIUM

CVSSv3.1 Base Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

Solution

GlobalProtect agent for macOS 4.0.3 and later

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks would like to thank Jaron Bradley and Brandon McCann from CrowdStrike for reporting this issue
© 2020 Palo Alto Networks, Inc. All rights reserved.