GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon

CVE-2022-0016

7.4HIGH

Key Information

Vendor: Palo Alto Networks
Status: Globalprotect App
Vendor: CVE Published:; 9 February 2022

Badges

👾 Exploit Exists

Summary

An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.

Affected Version(s)

GlobalProtect App < 5.2.9

GlobalProtect App >= 5.3.*

GlobalProtect App >= 5.1*

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 17, 2024
Risk change from: 7.8 to: 7.4 - (HIGH)
Feb 22, 2024
Initial publication
Feb 9, 2022
Vulnerability published.
Feb 9, 2022
Vulnerability Reserved.
Dec 28, 2021

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue.