GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

CVE-2023-0009

7.8HIGH

Key Information

Vendor: Palo Alto Networks
Status: Globalprotect App
Vendor: CVE Published:; 14 June 2023

Badges

👾 Exploit Exists

Summary

A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.

Affected Version(s)

GlobalProtect App >= 6.2

GlobalProtect App < 6.1.1

GlobalProtect App < 6.0.5

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 2, 2024
Validated an attack scenario that does not require the Windows user to have special privileges
Jul 31, 2023
Initial publication
Jun 14, 2023
Vulnerability published.
Jun 14, 2023
Vulnerability Reserved.
Oct 27, 2022

Collectors

NVD DatabaseMitre Database

Credit

Mohammad Arman from Zurich Insurance