CVE-2017-15870 GlobalProtect App Vulnerability
Attack Vector
LOCAL
Scope
UNCHANGED
Attack Complexity
LOW
Confidentiality Impact
HIGH
Privileges Required
HIGH
Integrity Impact
HIGH
User Interaction
NONE
Availability Impact
HIGH
Description
An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. (ref # GPC-4401 / CVE-2017-15870)
Successful exploitation requires local administrative privileges.
This issue affects GlobalProtect App for macOS 4.0.2 and earlier
Product Status
Versions | Affected | Unaffected |
---|---|---|
GlobalProtect App 4.0 | <= 4.0.2 on OS X | >= 4.0.3 on OS X |
Severity: MEDIUM
CVSSv3.1 Base Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Solution
GlobalProtect App for macOS 4.0.3 and later
Workarounds and Mitigations
N/A
Acknowledgments
Palo Alto Networks would like to thank Jaron Bradley and Brandon McCann from CrowdStrike for reporting this issue