CVE-2024-2432
published 2024-03-13

Priority: P4 (33)
Severity: high
CVSS 3.1: 7
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.39% (30.6th percentile)

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

Affected (9 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | globalprotect_app | >= 5.1 < 5.1.12 | 5.1.12 |
| palo_alto_networks | globalprotect_app | >= 6.0 < 6.0.8 | 6.0.8 |
| palo_alto_networks | globalprotect_app | >= 6.1 < 6.1.2 | 6.1.2 |
| palo_alto_networks | globalprotect_app | >= 6.2 < 6.2.1 | 6.2.1 |
| paloalto | globalprotect_app | | |
| paloaltonetworks | globalprotect | | |
| paloaltonetworks | globalprotect | >= 5.1.0 < 5.1.12 | 5.1.12 |
| paloaltonetworks | globalprotect | >= 6.0.0 < 6.0.8 | 6.0.8 |
| paloaltonetworks | globalprotect | >= 6.1.0 < 6.1.2 | 6.1.2 |