CVE-2019-17436 Local Privilege Escalation in GlobalProtect App for Linux and Mac OS
A Local Privilege Escalation vulnerability exists in GlobalProtect App for Linux and Mac OSX that can allow non-root users to overwrite root files on the file system. (Ref # GPC-8945, CVE-2019-17436)
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges on the system.
This issue affects GlobalProtect App 5.0.4 and earlier for Linux and Mac OS and GlobalProtect App 4.1.12 and earlier for Linux and Mac OS.
|GlobalProtect App 5.0||<= 5.0.4||>= 5.0.5|
|GlobalProtect App 4.1||<= 4.1.12||>= 4.1.13|
CVSSv3.1 Base Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
GlobalProtect App 4.1.13 and later for Linux and Mac OS and GlobalProtect App 5.0.5 and later for Linux and Mac OS.
Workarounds and Mitigations