CVE-2017-15870 — Paloaltonetworks Globalprotect vulnerability

4 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 73.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Paloaltonetworks Globalprotect Paloalto Globalprotect APP

Timeline

PublishedDec 11

Latest updateMay 13

Description

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDpaloaltonetworks/globalprotect4.0.2

▶Palo Altopaloalto/globalprotect_app

🔴Vulnerability Details

GHSA

GHSA-hh94-w64v-333x: Palo Alto Networks GlobalProtect Agent before 4↗2022-05-13

▶

CVEList

CVE-2017-15870: Palo Alto Networks GlobalProtect Agent before 4↗2017-12-11

▶

📋Vendor Advisories

Palo Alto

GlobalProtect App Vulnerability↗2017-12-06

▶