Palo Alto Networks Security Advisories / CVE-2024-5915

CVE-2024-5915 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Urgency MODERATE

Severity 5.2 · MEDIUM
Exploit Maturity N/A
Response Effort MODERATE
Recovery AUTOMATIC
Value Density DIFFUSE
Attack Vector LOCAL
Attack Complexity LOW
Attack Requirements PRESENT
Automatable NO
User Interaction NONE
Product Confidentiality NONE
Product Integrity LOW
Product Availability NONE
Privileges Required LOW
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability HIGH

Description

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.

Product Status

Versions                  Affected                      Unaffected
GlobalProtect App 6.3     < 6.3.1 on Windows            >= 6.3.1 on Windows
GlobalProtect App 6.2     < 6.2.4 on Windows            >= 6.2.4 on Windows
GlobalProtect App 6.1     < 6.1.5 on Windows            >= 6.1.5 on Windows
GlobalProtect App 6.0     < 6.0.10-c826 on Windows      >= 6.0.10-c826 on Windows
GlobalProtect App 5.1     < 5.1.x on Windows            >= 5.1.x (ETA: December 2024) on Windows

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-B: 5.2 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-732 Incorrect Permission Assignment for Critical Resource

Solution

This issue is fixed in GlobalProtect app 5.1.x (ETA: December 2024), GlobalProtect app 6.0.10-c826, GlobalProtect app 6.1.5, GlobalProtect app 6.2.4, GlobalProtect app 6.3.1, and all later GlobalProtect app versions on Windows.

Workarounds and Mitigations

Ensure that the GlobalProtect installation directory and its contents cannot be modified by non-administrative Windows users.
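The workaround above can be checked with the following PowerShell audit, an added example that is not Palo Alto Networks code. It assumes the default installation path and a fixed list of administrative principals; adjust both if your deployment differs.

```powershell
# Added example, not Palo Alto Networks code: audit the GlobalProtect install
# directory for write access held by non-administrative principals (CWE-732).
# Assumption: the default install path; override $InstallDir if it differs.
param([string]$InstallDir = "$env:ProgramFiles\Palo Alto Networks\GlobalProtect")

# Principals expected to hold write rights under Program Files. CREATOR OWNER is
# an inherit-only placeholder that resolves to the (administrative) creator.
$TrustedPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                       'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')

# Rights that let a principal replace or alter installed files, plus the
# GENERIC_WRITE / GENERIC_ALL bits seen on inherit-only directory ACEs.
$fsr = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($fsr::Write -bor $fsr::Modify -bor $fsr::FullControl -bor
    $fsr::Delete -bor $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor
    0x40000000 -bor 0x10000000

function Get-WeakAce {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedPrincipals -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $InstallDir)) {
    Write-Warning "Install directory not found: $InstallDir"
    return
}

# Check the directory itself and everything beneath it.
$findings = @(Get-WeakAce -Path $InstallDir)
foreach ($item in Get-ChildItem -LiteralPath $InstallDir -Recurse -Force) {
    $findings += @(Get-WeakAce -Path $item.FullName)
}

if ($findings.Count -eq 0) {
    "OK: no non-administrative write access under $InstallDir"
} else {
    Write-Warning "Non-administrative write access found; workaround is not in place:"
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so every file under the directory can be read; any row listed is an ACE that should be removed or restricted before relying on the workaround.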

Acknowledgments

Palo Alto Networks thanks Ashutosh Gautam/JumpThere, Maciej Miszczyk of Logitech, Will Dormann of ANALYGENCE, Farid Zerrouk, Alaa Kachouh, and Ali Jammal for discovering and reporting this issue.

Timeline

Clarified GlobalProtect App 6.0.10 build version
Updated GlobalProtect App 6.0.10 availability
Updated GlobalProtect App 6.3.1 availability
Added Workaround
Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.