Palo Alto Networks Security Advisories / CVE-2019-17435

CVE-2019-17435 Local Privilege Escalation in GlobalProtect Agent for Windows


Severity 5.5 · MEDIUM
Attack Vector LOCAL
Attack Complexity LOW
Privileges Required LOW
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact HIGH
Availability Impact NONE
Published: 2019-10-15
Updated: 2019-10-15
Ref#: GPC-8977 PAN-SA-2019-0036

Description

A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows auto-update feature that can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. (Ref # GPC-8977, CVE-2019-17435)

Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.

This issue affects GlobalProtect Agent 5.0.3 and earlier for Windows and GlobalProtect Agent 4.1.12 and earlier for Windows.

Product Status

GlobalProtect Agent

Versions   Affected     Unaffected
5.0        <= 5.0.3     >= 5.0.4
4.1        <= 4.1.12    >= 4.1.13

Severity: MEDIUM

CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

Solution

This issue is fixed in GlobalProtect Agent 4.1.13 and later for Windows and GlobalProtect Agent 5.0.4 and later for Windows.
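
The following is an added example, not part of the original advisory or any Palo Alto Networks tooling: a triage of a software inventory against the Product Status table above. The inventory format, hostnames, the optional "-build" suffix and the function names are assumptions; release branches that the table does not list are flagged for manual review rather than guessed.

```python
import re

# First unaffected version per release branch, taken from the advisory's
# Product Status table: (major, minor) -> first fixed version.
FIRST_FIXED = {
    (5, 0): (5, 0, 4),
    (4, 1): (4, 1, 13),
}

def parse_version(text):
    """Parse 'X.Y.Z' (an optional '-build' suffix is ignored) into an int tuple.

    Numeric comparison matters: compared as strings, '4.1.9' sorts after
    '4.1.13'. Returns None when the text is not a three-part dotted version.
    """
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:-\d+)?\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Return 'affected', 'unaffected', 'not-listed' or 'unparseable'."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIRST_FIXED.get(version[:2])
    if fixed is None:
        # Branch is absent from the advisory's table; do not guess either way.
        return "not-listed"
    return "affected" if version < fixed else "unaffected"

def triage(inventory):
    """Classify (host, version) pairs and keep only hosts that need review."""
    results = {host: classify(ver) for host, ver in inventory}
    return {h: s for h, s in results.items() if s != "unaffected"}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("wks-001", "5.0.3"),
    ("wks-002", "5.0.4"),
    ("wks-003", "4.1.12-7"),
    ("wks-004", "4.1.13"),
    ("wks-005", "4.1.9"),
    ("wks-006", "4.0.8"),
    ("wks-007", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```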

Workarounds and Mitigations

N/A

Acknowledgements

  • Palo Alto Networks would like to thank Hanno Heinrichs of CrowdStrike Intelligence for reporting this issue.
© 2020 Palo Alto Networks, Inc. All rights reserved.