Global Protect Vulnerability (PAN-SA-2017-0029)

Last revised: 12/05/2017


An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the administration rights on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised post. The rights obtained are the SYSTEM rights. (ref # GPC-4401 / CVE-2017-15870)

Severity: Low

Successful exploitation requires local administrative privileges.

Products Affected

GlobalProtect agent 4.0.2 and earlier

Available Updates

PAN-OS 4.0.3 and later

Workarounds and Mitigations



Palo Alto Networks would like to thank Brandon McCann from CrowdStrike Inc. for reporting this issue