CVE-2024-5915 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
Description
A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| GlobalProtect App 6.3 | < 6.3.1 on Windows | >= 6.3.1 (ETA: end of August) on Windows |
| GlobalProtect App 6.2 | < 6.2.4 on Windows | >= 6.2.4 on Windows |
| GlobalProtect App 6.1 | < 6.1.5 on Windows | >= 6.1.5 on Windows |
| GlobalProtect App 6.0 | < 6.0.x on Windows | >= 6.0.x (ETA: November 2024) on Windows |
| GlobalProtect App 5.1 | < 5.1.x on Windows | >= 5.1.x (ETA: December 2024) on Windows |
Severity: MEDIUM
CVSSv4.0 Base Score: 5.2 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-732 Incorrect Permission Assignment for Critical Resource
Solution
This issue is fixed in GlobalProtect app 5.1.x (ETA: December 2024), GlobalProtect app 6.0.x (ETA: November 2024), GlobalProtect app 6.1.5, GlobalProtect app 6.2.4, GlobalProtect app 6.3.1 (ETA: end of August), and all later GlobalProtect app versions on Windows.
Workarounds and Mitigations
Ensure that the GlobalProtect installation directory and its contents cannot be modified by non-administrative Windows users.