Palo Alto Networks Security Advisories / CVE-2019-17436

CVE-2019-17436 Local Privilege Escalation in GlobalProtect Agent for Linux and Mac OS

047910
Severity 7.1 · HIGH
Attack Vector LOCAL
Attack Complexity LOW
Privileges Required LOW
User Interaction NONE
Scope UNCHANGED
Confidentiality Impact NONE
Integrity Impact HIGH
Availability Impact HIGH

Description

A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OSX that can allow non-root users to overwrite root files on the file system. (Ref # GPC-8945, CVE-2019-17436)

Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges on the system.

This issue affects GlobalProtect Agent 5.0.4 and earlier for Linux and Mac OS and GlobalProtect Agent 4.1.12 and earlier for Linux and Mac OS.

Product Status

VersionsAffectedUnaffected
GlobalProtect Agent 5.0<= 5.0.4>= 5.0.5
GlobalProtect Agent 4.1<= 4.1.12>= 4.1.13

Severity: HIGH

CVSSv3.1 Base Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

Weakness Type

CWE-269 Improper Privilege Management

Solution

GlobalProtect Agent 4.1.13 and later for Linux and Mac OS and GlobalProtect Agent 5.0.5 and later for Linux and Mac OS.

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks would like to thank Hanno Heinrichs of CrowdStrike Intelligence for reporting this issue.
© 2020 Palo Alto Networks, Inc. All rights reserved.