Local Privilege Escalation Vulnerability in GlobalProtect Agent by Palo Alto Networks
CVE-2019-17435

5.5MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Globalprotect Agent For Windows
Vendor: CVE Published:; 16 October 2019

Summary

A Local Privilege Escalation vulnerability in the GlobalProtect Agent allows attackers to potentially modify the installer package before installation through the auto-update feature. This flaw could enable an unauthorized user to escalate privileges on affected Windows systems, compromising the security of the entire environment. It is critical for administrators to apply updates and implement proactive measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

GlobalProtect Agent for Windows 5.0.3 and earlier

GlobalProtect Agent for Windows 4.1.12 and earlier

References

https://security.paloaltonetworks.com/CVE-2019-17435

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Oct 10, 2019