Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability Allows Local User Elevated Access
CVE-2024-5915

7.8HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Globalprotect App
Vendor: CVE Published:; 14 August 2024

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2024-5915?

The vulnerability identified in the Palo Alto Networks GlobalProtect application allows a local user on Windows devices to elevate their privileges. This flaw could potentially enable unauthorized actions by executing programs with elevated privileges, which may compromise the security of the affected system. Immediate remediation is recommended for users to ensure their systems remain protected against exploitation of this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GlobalProtect App Windows 5.1

GlobalProtect App Windows 6.0

GlobalProtect App Windows 6.1 < 6.1.5

News Articles

The Cyber Express

CVE-2024-5915 CVE-2024-5916

CERT-IN Warns About Vulnerabilities In Palo Alto Networks

CERT-IN has issued advisories regarding critical vulnerabilities in Palo Alto Networks applications. Users are urged to update to mitigate these risks.

References

https://security.paloaltonetworks.com/CVE-2024-5915

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by The Cyber Express
Sep 3, 2024
👾
Exploit known to exist
Aug 17, 2024
Vulnerability published
Aug 14, 2024

Credit

Ashutosh Gautam/JumpThere

Maciej Miszczyk of Logitech

Will Dormann of ANALYGENCE

Farid Zerrouk

Alaa Kachouh

Ali Jammal

JSON