Palo Alto Networks Security Advisories / CVE-2022-0017

CVE-2022-0017 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

047910
Severity 7 · HIGH
Attack Vector LOCAL
Scope UNCHANGED
Attack Complexity HIGH
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH

Description

An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances.

This issue impacts:

GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows.

GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows.

This issue does not affect GlobalProtect app on other platforms.

Product Status

VersionsAffectedUnaffected
GlobalProtect App 5.3None5.3.*
GlobalProtect App 5.2< 5.2.5 on Windows>= 5.2.5 on Windows
GlobalProtect App 5.1< 5.1.10 on Windows>= 5.1.10 on Windows

Severity:HIGH

CVSSv3.1 Base Score:7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-59 Improper Link Resolution Before File Access ('Link Following')

Solution

This issue is fixed in GlobalProtect app 5.1.10 on Windows, GlobalProtect app 5.2.5 on Windows and all later GlobalProtect app versions.

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Palo Alto Networks thanks Christophe Schleypen of NATO Cyber Security Centre Pentesting for discovering and reporting this issue.

Timeline

Initial publication
© 2022 Palo Alto Networks, Inc. All rights reserved.