An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks GlobalProtect App for Linux on ARM platform allows a local authenticated user to gain root privileges on the system.
This issue affects Palo Alto Networks GlobalProtect App for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1.
Versions | Affected | Unaffected |
---|---|---|
GlobalProtect App 5.1 | < 5.1.1 on Linux ARM | >= 5.1.1 on Linux ARM |
GlobalProtect App 5.0 | < 5.0.8 on Linux ARM | >= 5.0.8 on Linux ARM |
CVSSv3.1 Base Score: 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CWE-266 Incorrect Privilege Assignment
This issue is fixed in GlobalProtect App 5.0.8, GlobalProtect App 5.1.1 and all later versions.
There are no viable workarounds for this issue.