GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon
CVE-2022-0016
7.4HIGH
Key Information
- Vendor
- Palo Alto Networks
- Status
- Globalprotect App
- Vendor
- CVE Published:
- 9 February 2022
Badges
👾 Exploit Exists
Summary
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.
Affected Version(s)
GlobalProtect App < 5.2.9
GlobalProtect App >= 5.3.*
GlobalProtect App >= 5.1*
Refferences
CVSS V3.1
Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue.