CVE-2024-5921
published 2024-11-27

Priority: P3 (52)
CVSS 3.1: 8.8 High (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.45% (70.2th percentile)
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user, or an attacker on the same subnet, to install malicious root certificates on the endpoint and subsequently install malicious software signed by those root certificates on that endpoint. The root cause is on the client side: the app accepts a portal or gateway it should have rejected, so the network position needed is only the ability to answer its connection attempt, not access to the legitimate portal. Updates to this advisory are published via the vendor's RSS feed at https://security.paloaltonetworks.com/rss.xml.

Affected

13 ranges

Vendor               Product            Version range             Fixed in
palo_alto_networks   globalprotect_app
palo_alto_networks   globalprotect_app  >= 6.1.0 < 6.1.6          6.1.6
palo_alto_networks   globalprotect_app  >= 6.1.0 < 6.1.7          6.1.7
palo_alto_networks   globalprotect_app  >= 6.2.0 < 6.2.6          6.2.6
palo_alto_networks   globalprotect_app  >= 6.2.0 < 6.2.6-c857     6.2.6-c857
palo_alto_networks   globalprotect_app  >= 6.2.0 < 6.2.1-c31      6.2.1-c31
palo_alto_networks   globalprotect_app  >= 6.3.0 < 6.3.2          6.3.2
paloalto             globalprotect_app
paloaltonetworks     globalprotect      >= 6.1.0 < 6.1.6          6.1.6
paloaltonetworks     globalprotect      >= 6.1.0 < 6.1.7          6.1.7
paloaltonetworks     globalprotect      >= 6.1.0 < 6.2.1          6.2.1
paloaltonetworks     globalprotect      >= 6.1.0 < 6.2.6          6.2.6
paloaltonetworks     globalprotect      >= 6.3.0 < 6.3.2          6.3.2
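A version-range check built from the table above, added here as an example; it is my code, not tooling from this database or from Palo Alto Networks. It parses GlobalProtect version strings including the hotfix build suffix, reports which listed ranges an installed version falls in and which fixed-in builds close them, and triages a constructed inventory. It assumes that a `-cNNN` build sorts after its base release (6.2.6 before 6.2.6-c857), which is how the table reads but is not stated on the page.

```python
import re
from typing import Dict, List, Tuple

# Affected ranges for CVE-2024-5921 as listed on this page (lower bound
# inclusive, upper bound exclusive). Rows repeated under the two vendor
# spellings are the same product and are listed once; in every row the
# "Fixed in" value equals the upper bound, so only the bounds are kept.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("6.1.0", "6.1.6"),
    ("6.1.0", "6.1.7"),
    ("6.1.0", "6.2.1"),
    ("6.1.0", "6.2.6"),
    ("6.2.0", "6.2.1-c31"),
    ("6.2.0", "6.2.6"),
    ("6.2.0", "6.2.6-c857"),
    ("6.3.0", "6.3.2"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-c(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '6.2.6' or '6.2.6-c857' into a tuple that sorts correctly.

    Assumption (mine, not confirmed by the page): a '-cNNN' suffix is a later
    hotfix build of the same base release, so 6.2.6 < 6.2.6-c857. That is the
    opposite of semver pre-release ordering, so a generic semver library
    would sort these wrongly. A plain release carries build number 0.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GlobalProtect version string: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build) if build else 0)


def matching_ranges(version: str) -> List[Tuple[str, str]]:
    """All listed ranges that contain `version`."""
    v = parse_version(version)
    return [(lo, hi) for lo, hi in AFFECTED_RANGES
            if parse_version(lo) <= v < parse_version(hi)]


def is_affected(version: str) -> bool:
    """Conservative verdict: inside any listed range means affected.

    The table carries overlapping fix tracks (6.1.6 and 6.1.7, 6.2.1-c31 and
    6.2.6) without naming a platform, so the fix on one track can still sit
    inside another track's range; report it and let the operator resolve it.
    """
    return bool(matching_ranges(version))


def fix_candidates(version: str) -> List[str]:
    """Fixed-in builds (range upper bounds) for every range `version` falls in."""
    return sorted({hi for _, hi in matching_ranges(version)}, key=parse_version)


# Constructed sample inventory (hostname,version); not real data.
SAMPLE_INVENTORY = """\
host01,6.1.5
host02,6.2.6
host03,6.2.6-c857
host04,6.3.2
host05,6.2
"""


def triage(inventory_csv: str) -> Dict[str, Tuple[str, List[str]]]:
    """Map each host to ('affected' | 'not affected' | 'unparsable', fixes)."""
    verdicts: Dict[str, Tuple[str, List[str]]] = {}
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        try:
            fixes = fix_candidates(version)
        except ValueError:
            verdicts[host] = ("unparsable", [])
            continue
        verdicts[host] = ("affected" if fixes else "not affected", fixes)
    return verdicts


if __name__ == "__main__":
    for host, (status, fixes) in triage(SAMPLE_INVENTORY).items():
        tail = f" (fixed in: {', '.join(fixes)})" if fixes else ""
        print(f"{host}: {status}{tail}")
```

Because the page does not say which platform each fix track applies to, a host on 6.1.7 or 6.2.1-c31 still matches the broader `>= 6.1.0 < 6.2.1` and `>= 6.2.0 < 6.2.6` rows and is reported as affected; confirm the applicable build against the vendor advisory before closing such a finding.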

CVSS provenance

Source  Version  Score  Severity  Vector
NVD     v3.1     8.8    HIGH      CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD     v4.0     7.1    HIGH      CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber