An unquoted search path vulnerability in the Windows release of GlobalProtect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or on the Program Files directory to gain system privileges.
This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows.
| Versions | Affected | Unaffected |
|---|---|---|
| GlobalProtect Agent 5.0 | < 5.0.5 on Windows | >= 5.0.5 on Windows |
| GlobalProtect Agent 4.1 | < 4.1.13 on Windows | >= 4.1.13 on Windows |
This issue only affects Windows systems where local users are configured with file creation privileges to the root of the OS disk (C:\) or 'Program Files' directory.
CVSSv3.1 Base Score: 4.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
This issue is fixed in GlobalProtect Agent 5.0.5, GlobalProtect Agent 4.1.13 and all later versions.
Do not grant file creation privileges on the root of the OS disk (C:\) or 'Program Files' directory to unprivileged users.
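One way to check a host against this precondition, as an added PowerShell example that is not part of the advisory: it lists Allow entries on the root of the OS disk and on Program Files that grant file creation on the folder itself. The trusted SID list (SYSTEM, Administrators, TrustedInstaller) is an assumption; adjust it to your environment.

```powershell
# Added example: audit the locations named in the advisory for file-creation
# rights granted to principals outside an assumed trusted set.
$CreateFiles  = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$GenericWrite = 0x40000000   # GENERIC_WRITE, which Get-Acl shows as a raw number
$GenericAll   = 0x10000000   # GENERIC_ALL
$mask = $CreateFiles -bor $GenericWrite -bor $GenericAll

# Assumption: only these well-known SIDs are expected to create files here.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

$paths = @("$env:SystemDrive\", $env:ProgramFiles)
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$findings = foreach ($path in $paths) {
    $acl = Get-Acl -LiteralPath $path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to child objects, not to this folder itself.
        if (($ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        # Keep only ACEs that allow creating files (directly or via generic rights).
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

        # Compare by SID so localized or renamed accounts are handled.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account: keep as-is
        }
        if ($trustedSids -contains $sid) { continue }

        [pscustomobject]@{
            Path     = $path
            Identity = $ace.IdentityReference.Value
            Sid      = $sid
            Rights   = $ace.FileSystemRights
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No untrusted principal can create files in the audited locations.'
}
```

Deny entries are not evaluated, so a reported principal may still be blocked by an explicit Deny; treat each row as something to review rather than a confirmed exposure.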