Palo Alto Networks Security Advisories / PAN-SA-2014-0006

PAN-SA-2014-0006 Privilege escalation in GlobalProtect App for Mac OS X

047910
Severity 7.3 · HIGH
Attack Vector LOCAL
Attack Complexity LOW
Privileges Required LOW
User Interaction REQUIRED
Scope UNCHANGED
Confidentiality Impact HIGH
Integrity Impact HIGH
Availability Impact HIGH
JSON
Published 2014-12-10
Updated 2014-12-10
Reference PAN-SA-2014-0006
Discovered externally

Description

A path injection vulnerability affecting the GlobalProtect App for Mac OS X 2.1.0 and earlier could allow a local attacker to gain elevated privileges on a targeted system.

Successful exploitation of this vulnerability results in a lower privileged user obtaining elevated privileges. A local attacker could exploit this vulnerability to execute arbitrary code in the security context of the local system.

This issue affects GlobalProtect app version 2.1.0 and earlier for Mac OS X.

Product Status

VersionsAffectedUnaffected
GlobalProtect App 2.1<= 2.1.0 on Mac OS X>= 2.1.1 on Mac OS X

Severity: HIGH

CVSSv3.1 Base Score: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Weakness Type

Solution

GlobalProtect 2.1.1 for Mac OS X addresses the issue described in this advisory.

Workarounds and Mitigations

N/A

Acknowledgments

Alexandru Radocea of CrowdStrike
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions
© 2020 Palo Alto Networks, Inc. All rights reserved.