CVE-2022-0016Improper Check or Handling of Exceptional Conditions in Palo Alto Networks Globalprotect APP

CWE-703Improper Check or Handling of Exceptional ConditionsCWE-755Improper Handling of Exceptional ConditionsCWE-22Path Traversal6 documents6 sources
Severity
7.8HIGHNVD
CNA7.4
EPSS
0.0%
top 88.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Palo Alto Networks Globalprotect APPPaloaltonetworks GlobalprotectPaloalto Globalprotect APP
Timeline
PublishedFeb 10
Latest updateJun 14

Description

An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5palo_alto_networks/globalprotect_app5.25.2.9

🔴Vulnerability Details

2
GHSA
GHSA-mrwh-mjvv-r5vh: An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect ap2022-02-11
CVEList
GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon2022-02-10

📋Vendor Advisories

3
VMware
VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166)2022-06-14
CISA
Microsoft Windows TS WebProxy Directory Traversal Vulnerability2022-05-25
Palo Alto
GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon With SAML Authentication2022-02-09
CVE-2022-0016 — Palo vulnerability | cvebase