CVE-2024-9473 — Execution with Unnecessary Privileges in Palo Alto Networks Globalprotect APP

CWE-250 — Execution with Unnecessary Privileges4 documents4 sources

Severity

5.2MEDIUMNVD

EPSS

0.3%

top 44.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Globalprotect APP Paloaltonetworks Globalprotect Paloalto Globalprotect APP +1 more

Timeline

PublishedOct 9

Description

A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

Affected Packages4 packages

▶NVDpaloaltonetworks/globalprotect5.1 — 6.2.5+2

▶CVEListV5palo_alto_networks/globalprotect_app6.2.0 — 6.2.5+4

▶Palo Altopaloalto/globalprotect_app

▶Palo Altopaloalto/globalprotect_uwp_app

🔴Vulnerability Details

CVEList

GlobalProtect App: Local Privilege Escalation (PE) Vulnerability↗2024-10-09

▶

GHSA

GHSA-w47r-whp2-pxw8: A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows↗2024-10-09

▶

📋Vendor Advisories

Palo Alto

GlobalProtect App: Local Privilege Escalation (PE) Vulnerability↗2024-10-09

▶