Global Protect Agent: Local privilege escalation due to an unquoted search path vulnerability
CVE-2020-1988

4.2 MEDIUM

Key Information:

Vendor
CVE Published: 8 April 2020

What is CVE-2020-1988?

An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:) or in the Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5 and 4.1 versions before 4.1.13 on Windows.

Affected Version(s)

Global Protect Agent Windows 5.0 < 5.0.5

Global Protect Agent Windows 4.1 < 4.1.13

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Credit

Palo Alto Networks thanks Ratnesh Pandey of Bromium and Matthew Batten for discovering and reporting this issue.