GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
CVE-2022-0017
7HIGH
Key Information
- Vendor
- Palo Alto Networks
- Status
- Globalprotect App
- Vendor
- CVE Published:
- 9 February 2022
Badges
👾 Exploit Exists
Summary
An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms.
Affected Version(s)
GlobalProtect App < 5.2.5
GlobalProtect App < 5.1.10
GlobalProtect App = 5.3.*
Refferences
CVSS V3.1
Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Palo Alto Networks thanks Christophe Schleypen of NATO Cyber Security Centre Pentesting for discovering and reporting this issue.