Palo Alto Networks Security Advisories / CVE-2024-2432

CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Urgency MODERATE

047910
Severity 5.2 · MEDIUM
Response Effort LOW
Recovery AUTOMATIC
Value Density DIFFUSE
Attack Vector LOCAL
Attack Complexity HIGH
Attack Requirements PRESENT
Automatable NO
User Interaction NONE
Product Confidentiality LOW
Product Integrity LOW
Product Availability LOW
Privileges Required LOW
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability HIGH

Description

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

Product Status

VersionsAffectedUnaffected
GlobalProtect App 6.2< 6.2.1 on Windows>= 6.2.1 on Windows
GlobalProtect App 6.1< 6.1.2 on Windows>= 6.1.2 on Windows
GlobalProtect App 6.0< 6.0.8 on Windows>= 6.0.8 on Windows
GlobalProtect App 5.1< 5.1.12 on Windows>= 5.1.12 on Windows

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-B: 5.2 (CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:L/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept for this issue is publicly available.

Weakness Type

CWE-269 Improper Privilege Management

Solution

This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.

Acknowledgments

Palo Alto Networks thanks Erwin Chan for discovering and reporting this issue.

Timeline

Updated Exploitation Status section to indicate availability of a proof of concept
Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.