Insufficient Certificate Validation Vulnerability Affects GlobalProtect App for Android
CVE-2024-5921
Key Information
- Vendor: Palo Alto Networks
- Status: GlobalProtect App, GlobalProtect UWP App, GlobalProtect iOS App
- CVE Published: 27 November 2024
Summary
Two critical vulnerabilities were discovered in the Palo Alto Networks GlobalProtect VPN app and in the SonicWall SMA100 NetExtender VPN client for Windows. The GlobalProtect vulnerability lets an attacker install malicious code with elevated privileges; the SonicWall vulnerability enables remote code execution with system privileges. Both require the victim to connect to a malicious VPN server, which an attacker can arrange through social engineering. The impact is severe, and the researchers have built tools that demonstrate the attack methods. Mitigations and patches have been released for both vulnerabilities; organizations should apply them promptly to prevent exploitation.
Affected Version(s)
GlobalProtect App = 6.3.0
GlobalProtect App < 6.2.6
GlobalProtect App = 6.2.0
News Articles
- Palo Alto GlobalProtect: Malicious code weakness via weak certificate validation
  A vulnerability in the Palo Alto Networks GlobalProtect VPN app allows attackers to completely compromise computers.
- New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products
  Palo Alto Networks and SonicWall VPNs are affected by vulnerabilities allowing remote code execution and privilege escalation.
References
Timeline
- Vulnerability published
- First article discovered by Help Net Security
- Vulnerability reserved