CVE-2022-0017: Link Following in Palo Alto Networks GlobalProtect App

CWE-59: Link Following (5 documents, 5 sources)

Severity: 7.8 HIGH (NVD); CNA: 7.0
EPSS: 0.0% (top 88.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 10; Latest update Jun 15

Description

An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect G

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 3 packages

🔴 Vulnerability Details (2)

GHSA (2022-02-11): GHSA-fv8p-4m6f-8crp: An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that ena
CVEList (2022-02-10): GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

📋 Vendor Advisories (2)

VMware (2022-06-15): VMware HCX update addresses an information disclosure vulnerability (CVE-2022-22953)
Palo Alto (2022-02-09): GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation