CVE-2023-0006
published 2023-04-12CVE-2023-0006: A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with…
PriorityP428medium6.3CVSS 3.1
AVLACHPRLUINSUCNIHAH
EPSS
0.11%
1.6th percentile
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | globalprotect_app | >= 5.2 < 5.2.13 | 5.2.13 |
| palo_alto_networks | globalprotect_app | >= 6.0 < 6.0.4 | 6.0.4 |
| palo_alto_networks | globalprotect_app | >= 6.1 < 6.1.1 | 6.1.1 |
| paloalto | globalprotect_app | — | — |
| paloaltonetworks | globalprotect | — | — |
| paloaltonetworks | globalprotect | >= 5.2.0 < 5.2.13 | 5.2.13 |
| paloaltonetworks | globalprotect | >= 6.0.0 < 6.0.4 | 6.0.4 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g2xf-r6pf-g763: A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endp
ghsa_unreviewed·2023-04-12
CVE-2023-0006 [MEDIUM] CWE-367 GHSA-g2xf-r6pf-g763: A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endp
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.
Palo Alto
GlobalProtect App: Local File Deletion Vulnerability
vendor_paloalto·2023-04-12·CVSS 6.3
CVE-2023-0006 [MEDIUM] CWE-367 GlobalProtect App: Local File Deletion Vulnerability
GlobalProtect App: Local File Deletion Vulnerability
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.
Affected products: GlobalProtect App
Solution: This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions on Windows devices.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-04-12
Published