Global Protect Vulnerability (PAN-SA-2017-0029)

Last revised: 12/14/2017


An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. (ref # GPC-4401 / CVE-2017-15870)

Severity: Low

Successful exploitation requires local administrative privileges.

Products Affected

GlobalProtect agent for macOS 4.0.2 and earlier

Available Updates

GlobalProtect agent for macOS 4.0.3 and later

Workarounds and Mitigations



Palo Alto Networks would like to thank Jaron Bradley and Brandon McCann from CrowdStrike for reporting this issue