Non-Privileged User Disables GlobalProtect App in Configurations Allowing Passcode Disablement

CVE-2024-2431

5.5MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Globalprotect App
Vendor: CVE Published:; 13 March 2024

Badges

👾 Exploit Exists

Summary

An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.

Affected Version(s)

GlobalProtect App < 6.0.4

GlobalProtect App < 5.1.12

GlobalProtect App < 5.2.13

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 5, 2024
Vulnerability Reserved.
Mar 13, 2024
Initial publication
Mar 13, 2024
Vulnerability published.
Mar 13, 2024

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks AIG Red Team and Stephen Collyer for discovering and reporting this issue.