CVE-2024-5921
Published 2024-11-27
Priority: P3 · 52 · Severity: high
CVSS 3.1: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.45% (70.2nd percentile)
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.
Affected
13 ranges (aggregated from several sources; the same lower bound appears with different fixed versions because, as the vendor solution below states, the fix version differs by platform)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | globalprotect_app | — | — |
| palo_alto_networks | globalprotect_app | >= 6.1.0 < 6.1.6 | 6.1.6 |
| palo_alto_networks | globalprotect_app | >= 6.1.0 < 6.1.7 | 6.1.7 |
| palo_alto_networks | globalprotect_app | >= 6.2.0 < 6.2.6 | 6.2.6 |
| palo_alto_networks | globalprotect_app | >= 6.2.0 < 6.2.6-c857 | 6.2.6-c857 |
| palo_alto_networks | globalprotect_app | >= 6.2.0 < 6.2.1-c31 | 6.2.1-c31 |
| palo_alto_networks | globalprotect_app | >= 6.3.0 < 6.3.2 | 6.3.2 |
| paloalto | globalprotect_app | — | — |
| paloaltonetworks | globalprotect | >= 6.1.0 < 6.1.6 | 6.1.6 |
| paloaltonetworks | globalprotect | >= 6.1.0 < 6.1.7 | 6.1.7 |
| paloaltonetworks | globalprotect | >= 6.1.0 < 6.2.1 | 6.2.1 |
| paloaltonetworks | globalprotect | >= 6.1.0 < 6.2.6 | 6.2.6 |
| paloaltonetworks | globalprotect | >= 6.3.0 < 6.3.2 | 6.3.2 |
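As an added triage example (not Palo Alto Networks code and not part of the aggregator page): a Python checker that evaluates an installed GlobalProtect app version against the ranges in the table above. The range data is copied from the table with cross-source duplicates collapsed. Two things are assumptions, not statements from the advisory: that a version string is `MAJOR.MINOR.PATCH` with an optional `-c<build>` hotfix suffix, and that a release without the suffix sorts below the same release with any suffix (so plain 6.2.6 still falls inside `>= 6.2.0 < 6.2.6-c857`).

```python
"""Triage an installed GlobalProtect app version against the affected
ranges listed for CVE-2024-5921.

Added example, not Palo Alto Networks code. The ranges are copied from the
Affected table (duplicates across sources collapsed). Assumptions the
advisory does not state: a version is "MAJOR.MINOR.PATCH" with an optional
"-c<build>" hotfix suffix, and a release without the suffix sorts below the
same release with any suffix.
"""
import re
from typing import List, NamedTuple, Tuple

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-c(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """'6.2.6-c857' -> (6, 2, 6, 857); '6.2.6' -> (6, 2, 6, 0)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GlobalProtect version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


class AffectedRange(NamedTuple):
    low: str   # inclusive lower bound
    high: str  # exclusive upper bound; this is the fixed version

    def contains(self, version: str) -> bool:
        return parse_version(self.low) <= parse_version(version) < parse_version(self.high)

    def __str__(self) -> str:
        return f">= {self.low} < {self.high}"


# Distinct ranges from the Affected table above.
AFFECTED_RANGES = [
    AffectedRange("6.1.0", "6.1.6"),
    AffectedRange("6.1.0", "6.1.7"),
    AffectedRange("6.1.0", "6.2.1"),
    AffectedRange("6.1.0", "6.2.6"),
    AffectedRange("6.2.0", "6.2.1-c31"),
    AffectedRange("6.2.0", "6.2.6"),
    AffectedRange("6.2.0", "6.2.6-c857"),
    AffectedRange("6.3.0", "6.3.2"),
]


def matching_ranges(version: str) -> List[AffectedRange]:
    """Every listed range that still contains `version`.

    An empty list means the version is outside every listed range, not that
    it is known to be fixed: versions below 6.1.0 are simply not listed, and
    the fixed version depends on the platform.
    """
    return [r for r in AFFECTED_RANGES if r.contains(version)]


def is_affected(version: str) -> bool:
    """True if any listed range still contains `version`."""
    return bool(matching_ranges(version))


def fixed_versions() -> List[str]:
    """Distinct fixed versions from the table, ascending."""
    return sorted({r.high for r in AFFECTED_RANGES}, key=parse_version)


if __name__ == "__main__":
    for candidate in ("6.1.6", "6.2.1-c31", "6.2.6", "6.2.6-c857", "6.3.2"):
        hits = matching_ranges(candidate)
        status = "AFFECTED" if hits else "outside all listed ranges"
        detail = "; ".join(str(r) for r in hits)
        print(f"{candidate:12} {status} {detail}")
```

Because the table does not say which platform each range belongs to, the checker reports every range that still contains the version rather than a single verdict. That is deliberately conservative: 6.2.1-c31, which the vendor solution names as the Linux fix, still sits inside `>= 6.2.0 < 6.2.6`, so a Linux host on 6.2.1-c31 is flagged and must be cleared against the platform-specific fix version by hand.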
CVSS provenance
NVD · CVSS v3.1 · 8.8 HIGH · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD · CVSS v4.0 · 7.1 HIGH · CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
The two vectors model the attacker differently. The v3.1 vector scores an unauthenticated adjacent-network attacker (AV:A, PR:N) with full impact on the endpoint. The v4.0 vector scores a low-privileged local user who needs a precondition (AV:L, PR:L, AT:P), rates the direct effect on the app as integrity only (VI:H), and places the full impact on the subsequent system (SC:H/SI:H/SA:H), i.e. the software installed under the malicious root certificate. Both attacker positions appear in the description; pick the vector that matches the exposure of the endpoints you are triaging.
GHSA
GHSA-ccr5-hmvm-37q5 · ghsa_unreviewed · 2024-11-27 · CWE-295 · HIGH
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
GlobalProtect App for Android is under evaluation.
Palo Alto Networks advisory
GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation
vendor_paloalto · CVSS 7.1 · CWE-295 · HIGH
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
Affected products: GlobalProtect App
Solution: This issue is fixed in GlobalProtect app 6.2.1-c31 on Linux, GlobalProtect app 6.2.6 on Windows, GlobalP
No detection rules found.
No public exploits indexed.