Palo Alto Networks GlobalProtect Privilege Escalation Vulnerability

CVE-2024-2432

4.5MEDIUM

Key Information

Vendor
Palo Alto Networks
Status
Globalprotect App
Vendor
CVE Published:
13 March 2024

Badges

đź“° News Worthy

Summary

The vulnerability identified as CVE-2024-2432 is a privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices. It allows a local user to execute programs with elevated privileges by exploiting a race condition. The severity of the vulnerability is rated as MEDIUM and Palo Alto Networks has fixed the issue in affected versions. There are no known exploitations of this vulnerability in the wild at this time.

Affected Version(s)

GlobalProtect App < 5.1.12

GlobalProtect App < 6.0.8

GlobalProtect App < 6.1.2

News Articles

favicon imageRewterz

Rewterz Threat Advisory – Multiple Palo Alto Networks Vulnerabilities - Rewterz

Rewterz Threat Advisory – Multiple Palo Alto Networks Vulnerabilities

9 months ago

favicon imagePalo Alto Networks Security Advisories

CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Palo Alto Networks Security Advisory: CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, ex...

9 months ago

Refferences

https://security.paloaltonetworks.com/CVE-2024-2432

CVSS V3.1

Score:
4.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • First article discovered by Palo Alto Networks Security Advisories

  • Vulnerability published

Collectors

NVD DatabaseMitre Database2 News Article(s)

Credit

Palo Alto Networks thanks Erwin Chan for discovering and reporting this issue.
.