PAN-SA-2014-0006 Privilege escalation in GlobalProtect App for Mac OS X
Attack Vector LOCAL
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required LOW
Integrity Impact HIGH
User Interaction REQUIRED
Availability Impact HIGH
Description
A path injection vulnerability affecting the GlobalProtect App for Mac OS X 2.1.0 and earlier could allow a local attacker to gain elevated privileges on a targeted system.
Successful exploitation of this vulnerability results in a lower privileged user obtaining elevated privileges. A local attacker could exploit this vulnerability to execute arbitrary code in the security context of the local system.
This issue affects GlobalProtect app version 2.1.0 and earlier for Mac OS X.
Product Status
Versions | Affected | Unaffected |
---|---|---|
GlobalProtect App 2.1 | <= 2.1.0 on Mac OS X | >= 2.1.1 on Mac OS X |
Severity: HIGH
CVSSv3.1 Base Score: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Weakness Type
Solution
GlobalProtect 2.1.1 for Mac OS X addresses the issue described in this advisory.
Workarounds and Mitigations
N/A
Acknowledgments
Alexandru Radocea of CrowdStrike