CVE-2024-2431 GlobalProtect App: Local User Can Disable GlobalProtect
Description
An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app without needing the passcode in configurations that allow a user to disable GlobalProtect with a passcode.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| GlobalProtect App 6.2 | None | All |
| GlobalProtect App 6.1 | < 6.1.1 | >= 6.1.1 |
| GlobalProtect App 6.0 | < 6.0.4 | >= 6.0.4 |
| GlobalProtect App 5.2 | < 5.2.13 | >= 5.2.13 |
| GlobalProtect App 5.1 | < 5.1.12 | >= 5.1.12 |
Required Configuration for Exposure
This is an issue only if "Allow User to Disable GlobalProtect App" is set to "Allow with Passcode". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed.
Severity: MEDIUM
CVSSv4.0 Base Score: 5.7 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-269 Improper Privilege Management
Solution
This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.
Workarounds and Mitigations
You can mitigate this issue by setting "Allow User to Disable GlobalProtect App" to "Disallow" or "Allow with Ticket."