GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
CVE-2022-0017
7 HIGH
Key Information
- Vendor: Palo Alto Networks
- Product: GlobalProtect App
- CVE Published: 9 February 2022
Badges
👾 Exploit Exists
Summary
An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts:
- GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows.
- GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows.
This issue does not affect GlobalProtect app on other platforms.
Affected Version(s)
- GlobalProtect App < 5.2.5
- GlobalProtect App < 5.1.10
- GlobalProtect App = 5.3.*
CVSS V3.1
- Score: 7
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
- 👾 Exploit exists.
- Risk change from 7.8 to 7 (HIGH)
- Initial publication: Vulnerability published.
- Vulnerability Reserved.
Collectors
NVD Database, Mitre Database
Credit
Palo Alto Networks thanks Christophe Schleypen of NATO Cyber Security Centre Pentesting for discovering and reporting this issue.