Palo Alto Networks Security Advisories / CVE-2017-15870

CVE-2017-15870 GlobalProtect App Vulnerability

047910
Severity 6.7 · MEDIUM
Attack Vector LOCAL
Attack Complexity LOW
Privileges Required HIGH
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH

Description

An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. (ref # GPC-4401 / CVE-2017-15870)

Successful exploitation requires local administrative privileges.

This issue affects GlobalProtect App for macOS 4.0.2 and earlier

Product Status

VersionsAffectedUnaffected
GlobalProtect App 4.0<= 4.0.2 on OS X>= 4.0.3 on OS X

Severity: MEDIUM

CVSSv3.1 Base Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

Solution

GlobalProtect App for macOS 4.0.3 and later

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks would like to thank Jaron Bradley and Brandon McCann from CrowdStrike for reporting this issue
© 2020 Palo Alto Networks, Inc. All rights reserved.