CVE-2020-2032 GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade
A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges.
This issue can be exploited only while performing a GlobalProtect app upgrade.
This issue affects:
GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows;
GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows.
|GlobalProtect App 5.1||< 5.1.4 on Windows||>= 5.1.4 on Windows|
|GlobalProtect App 5.0||< 5.0.10 on Windows||>= 5.0.10 on Windows|
CVSSv3.1 Base Score:7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
This issue is fixed in GlobalProtect app 5.0.10, GlobalProtect app 5.1.4, and all later GlobalProtect app versions.