Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability Allows Local User Elevated Access
CVE-2024-5915

7.8HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Globalprotect App
Vendor: CVE Published:; 14 August 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The vulnerability identified in the Palo Alto Networks GlobalProtect application allows a local user on Windows devices to elevate their privileges. This flaw could potentially enable unauthorized actions by executing programs with elevated privileges, which may compromise the security of the affected system. Immediate remediation is recommended for users to ensure their systems remain protected against exploitation of this vulnerability.

Affected Version(s)

GlobalProtect App Windows 5.1

GlobalProtect App Windows 6.0

GlobalProtect App Windows 6.1 < 6.1.5

News Articles

The Cyber Express

CVE-2024-5915 CVE-2024-5916

CERT-IN Warns About Vulnerabilities In Palo Alto Networks

CERT-IN has issued advisories regarding critical vulnerabilities in Palo Alto Networks applications. Users are urged to update to mitigate these risks.

5 months ago

References

https://security.paloaltonetworks.com/CVE-2024-5915

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by The Cyber Express
Sep 3, 2024
👾
Exploit known to exist
Aug 17, 2024
Vulnerability published
Aug 14, 2024

Credit

Ashutosh Gautam/JumpThere

Maciej Miszczyk of Logitech

Will Dormann of ANALYGENCE

Farid Zerrouk

Alaa Kachouh

Ali Jammal

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

CERT-IN Warns About Vulnerabilities In Palo Alto Networks

References

CVSS V3.1

Timeline

Credit