Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability Allows Local User Elevated Access

CVE-2024-5915

7.8HIGH

Key Information

Status
Globalprotect App
Vendor
CVE Published:
14 August 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.

Affected Version(s)

GlobalProtect App = 5.1

GlobalProtect App = 6.0

GlobalProtect App < 6.1.5

News Articles

CERT-IN Warns About Vulnerabilities In Palo Alto Networks

CERT-IN has issued advisories regarding critical vulnerabilities in Palo Alto Networks applications. Users are urged to update to mitigate these risks.

4 months ago

Refferences

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • First article discovered by The Cyber Express

  • 👾

    Exploit known to exist

  • Vulnerability published

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

Ashutosh Gautam/JumpThere
Maciej Miszczyk of Logitech
Will Dormann of ANALYGENCE
Farid Zerrouk
Alaa Kachouh
Ali Jammal
.