GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon

CVE-2022-0016

7.4HIGH

Key Information

Status
Globalprotect App
Vendor
CVE Published:
9 February 2022

Badges

👾 Exploit Exists

Summary

An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.

Affected Version(s)

GlobalProtect App < 5.2.9

GlobalProtect App >= 5.3.*

GlobalProtect App >= 5.1*

Refferences

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Adam Crosser (Praetorian), Brian Sizemore (Praetorian) and N. Sao (Genetec) for independently discovering and reporting this issue.
.