Privilege Escalation Vulnerability in Palo Alto Networks GlobalProtect for Windows
CVE-2024-9473

7.8HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Globalprotect App
Vendor: CVE Published:; 9 October 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The GlobalProtect application developed by Palo Alto Networks is susceptible to a privilege escalation vulnerability affecting Windows environments. This flaw allows a locally authenticated user without administrative rights to escalate their privileges to that of NT AUTHORITY/SYSTEM through the exploit of the application's repair functionality via its .msi installer. Such a vulnerability poses risks as it could enable unauthorized control over system settings, data, and operational capabilities. Organizations using the GlobalProtect app on Windows should ensure proper updates and configurations are applied to mitigate potential exploitation.

Affected Version(s)

GlobalProtect App Windows 5.1

GlobalProtect App Windows 6.0

GlobalProtect App Windows 6.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-9473 - Proof of Concept

References

https://security.paloaltonetworks.com/CVE-2024-9473

vendor-advisory

https://sec-consult.com/vulnerability-lab/advisory/local-...

third-party-advisoryexploit

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Oct 9, 2024
👾
Exploit known to exist
Oct 9, 2024
Vulnerability published
Oct 9, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

Michael Baer of SEC Consult Vulnerability Lab

Marc Barrantes of KPMG Spain