Palo Alto Networks Security Advisories / CVE-2024-2432

CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Severity 5.2 · MEDIUM
Response Effort LOW
Value Density DIFFUSE
Attack Vector LOCAL
Attack Complexity HIGH
Attack Requirements PRESENT
Automatable NO
User Interaction NONE
Product Confidentiality LOW
Product Integrity LOW
Product Availability LOW
Privileges Required LOW
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability HIGH


A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

Product Status

GlobalProtect App 6.2< 6.2.1 on Windows>= 6.2.1 on Windows
GlobalProtect App 6.1< 6.1.2 on Windows>= 6.1.2 on Windows
GlobalProtect App 6.0< 6.0.8 on Windows>= 6.0.8 on Windows
GlobalProtect App 5.1< 5.1.12 on Windows>= 5.1.12 on Windows

Severity: MEDIUM

CVSSv4.0 Base Score: 5.2 (CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:L/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept for this issue is publicly available.

Weakness Type

CWE-269 Improper Privilege Management


This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.


Palo Alto Networks thanks Erwin Chan for discovering and reporting this issue.


Updated Exploitation Status section to indicate availability of a proof of concept
Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.