Image Path Execution Hijacking in Palo Alto Networks GlobalProtect Agent
CVE-2017-15870

6.7MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Globalprotect
Vendor: CVE Published:; 11 December 2017

Summary

The vulnerability allows attackers with administrative rights on a local station to escalate their privileges to SYSTEM level by exploiting image path execution hijacking methods within the Palo Alto Networks GlobalProtect Agent. This exploitation could enable unauthorized access and control over sensitive operations of the affected product.

References

http://www.securityfocus.com/bid/102083

vdb-entryx_refsource_BID

https://security.paloaltonetworks.com/CVE-2017-15870

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2017
Vulnerability Reserved
Oct 24, 2017