CVE-2024-5915 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
Description
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| GlobalProtect App 6.3 | < 6.3.1 on Windows | >= 6.3.1 on Windows |
| GlobalProtect App 6.2 | < 6.2.4 on Windows | >= 6.2.4 on Windows |
| GlobalProtect App 6.1 | < 6.1.5 on Windows | >= 6.1.5 on Windows |
| GlobalProtect App 6.0 | < 6.0.10-c826 on Windows | >= 6.0.10-c826 on Windows |
| GlobalProtect App 5.1 | < 5.1.x on Windows | >= 5.1.x (ETA: December 2024) on Windows |
Severity: MEDIUM, Suggested Urgency: MODERATE
CVSS-B: 5.2 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-732 Incorrect Permission Assignment for Critical Resource
Solution
This issue is fixed in GlobalProtect app 5.1.x (ETA: December 2024), GlobalProtect app 6.0.10-c826, GlobalProtect app 6.1.5, GlobalProtect app 6.2.4, GlobalProtect app 6.3.1, and all later GlobalProtect app versions on Windows.
Workarounds and Mitigations
Ensure that the GlobalProtect installation directory and its contents cannot be modified by non-administrative Windows users.