PAN-SA-2016-0017 Local Privilege Escalation in GlobalProtect App for OS X
A vulnerability was recently identified which allows a local user to escalate privileges through the GlobalProtect App for OS X (Ref # 97042).
Local users not entitled to the admin context on OS X could use this vulnerability to run processes with higher rights.
This issue affects GlobalProtect App for OS X 2.3.4 and earlier; GlobalProtect 3.0.2 and earlier
|GlobalProtect App 3.0||<= 3.0.2 on OS X||>= 3.0.3|
|GlobalProtect App 2.3||<= 2.3.4 on OS X||>= 2.3.5|
CVSSv3.1 Base Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
GlobalProtect App for OS X 2.3.5 and later; GlobalProtect 3.0.3 and later
Workarounds and Mitigations