PAN-SA-2014-0006 Privilege escalation in GlobalProtect App for Mac OS X
Attack Vector: LOCAL
Scope: UNCHANGED
Attack Complexity: LOW
Confidentiality Impact: HIGH
Privileges Required: LOW
Integrity Impact: HIGH
User Interaction: REQUIRED
Availability Impact: HIGH
Description
A path injection vulnerability affecting the GlobalProtect App for Mac OS X 2.1.0 and earlier could allow a local attacker to gain elevated privileges on a targeted system.
Successful exploitation of this vulnerability results in a lower-privileged user obtaining elevated privileges. A local attacker could exploit this vulnerability to execute arbitrary code in the security context of the local system.
This issue affects GlobalProtect app version 2.1.0 and earlier for Mac OS X.
Product Status
Versions | Affected | Unaffected |
---|---|---|
GlobalProtect App 2.1 | <= 2.1.0 on Mac OS X | >= 2.1.1 on Mac OS X |
Severity: HIGH
CVSSv3.1 Base Score: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Solution
GlobalProtect 2.1.1 for Mac OS X addresses the issue described in this advisory.
Workarounds and Mitigations
N/A
Acknowledgments
Palo Alto Networks thanks Alexandru Radocea of CrowdStrike for discovering and reporting the issue.