A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows auto-update feature that can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. (Ref # GPC-8977, CVE-2019-17435)
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.
This issue affects GlobalProtect Agent 5.0.3 and earlier for Windows and GlobalProtect Agent 4.1.12 and earlier for Windows.
|5.0||<= 5.0.3||>= 5.0.4|
|4.1||<= 4.1.12||>= 4.1.13|
CVSSv3.1 Base Score: 5.5 ( CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N )
GlobalProtect Agent 4.1.13 and later for Windows and GlobalProtect Agent 5.0.4 and later for Windows.