Insufficient Certification Validation in Palo Alto Networks GlobalProtect Application
CVE-2024-5921
Key Information:
- Vendor
- Palo Alto Networks
- Vendor
- CVE Published:
- 27 November 2024
Badges
Summary
Two critical vulnerabilities were discovered in the Palo Alto Networks GlobalProtect VPN app and the SonicWall SMA100 NetExtender VPN client for Windows. The vulnerability in the GlobalProtect app allows attackers to install malicious code with elevated privileges, while the vulnerability in the SonicWall client enables remote code execution with system privileges. Both vulnerabilities require the victim to connect to a malicious VPN server, which can be achieved through social engineering. The impact of these vulnerabilities is severe, and researchers have developed tools to demonstrate the attack methods. Mitigations and patches have been released for these vulnerabilities, but it is important for organizations to promptly address the issue to prevent potential exploitation.
Affected Version(s)
GlobalProtect App 6.3.0
GlobalProtect App 6.1.0
GlobalProtect App 6.0.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting ๐
Well keep you posted ๐ง
News Articles
Palo Alto Globalprotect: Malicious code weakness via weak certificate validation
A vulnerability in Palo Alto Networks Globalprotect VPN app allows attackers to completely compromise computers.
2 months ago
New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products
Palo Alto Networks and SonicWall VPNs affected by vulnerabilities allowing remote code execution and privilege escalation.
2 months ago
References
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
- ๐ฐ
First article discovered by Help Net Security
Vulnerability Reserved