CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
Urgency
MODERATE
Response Effort
LOW
Recovery
AUTOMATIC
Value Density
DIFFUSE
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
PRESENT
Automatable
NO
User Interaction
NONE
Product Confidentiality
LOW
Product Integrity
LOW
Product Availability
LOW
Privileges Required
LOW
Subsequent Confidentiality
HIGH
Subsequent Integrity
HIGH
Subsequent Availability
HIGH
Description
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| GlobalProtect App 6.2 | < 6.2.1 on Windows | >= 6.2.1 on Windows |
| GlobalProtect App 6.1 | < 6.1.2 on Windows | >= 6.1.2 on Windows |
| GlobalProtect App 6.0 | < 6.0.8 on Windows | >= 6.0.8 on Windows |
| GlobalProtect App 5.1 | < 5.1.12 on Windows | >= 5.1.12 on Windows |
Severity: MEDIUM
CVSSv4.0 Base Score: 5.2 (CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:L/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept for this issue is publicly available.
Weakness Type
CWE-269 Improper Privilege Management
Solution
This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.
Acknowledgments
Palo Alto Networks thanks Erwin Chan for discovering and reporting this issue.
Timeline
Updated Exploitation Status section to indicate availability of a proof of concept
Initial publication