Palo Alto Networks Security Advisories / CVE-2022-0017

CVE-2022-0017 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

Severity 7 · HIGH
Attack Vector LOCAL
Attack Complexity HIGH
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH


An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances.

This issue impacts:

GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows.

GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows.

This issue does not affect GlobalProtect app on other platforms.

Product Status

GlobalProtect App 5.3None5.3.*
GlobalProtect App 5.2< 5.2.5 on Windows>= 5.2.5 on Windows
GlobalProtect App 5.1< 5.1.10 on Windows>= 5.1.10 on Windows

Severity: HIGH

CVSSv3.1 Base Score: 7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-59 Improper Link Resolution Before File Access ('Link Following')


This issue is fixed in GlobalProtect app 5.1.10 on Windows, GlobalProtect app 5.2.5 on Windows and all later GlobalProtect app versions.

Workarounds and Mitigations

There are no known workarounds for this issue.


Palo Alto Networks thanks Christophe Schleypen of NATO Cyber Security Centre Pentesting for discovering and reporting this issue.


Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.