cbcvebase.

Palo Alto Networks Globalprotect App vulnerabilities

33 known vulnerabilities affecting palo_alto_networks/globalprotect_app.

Total CVEs
33
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH16MEDIUM15LOW2

Vulnerabilities

Page 1 of 2
CVE-2024-5921P3HIGHCVSS 8.8≥ 6.3.0, < 6.3.2≥ 6.2.0, < 6.2.6+5 more2024-11-27
CVE-2024-5921 [HIGH] CWE-295 CVE-2024-5921: An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables a An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious so
nvd
CVE-2025-4232P3HIGHCVSS 8.8≥ 6.3, < 6.3.3≥ 6.2.0, < 6.2.8-h2+2 more2025-06-13
CVE-2025-4232 [HIGH] CWE-155 CVE-2025-4232: An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Net An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.
nvd
CVE-2021-3057P3HIGHCVSS 8.1≥ 5.1, < 5.1.9≥ 5.2, < 5.2.8+1 more2021-10-13
CVE-2021-3057 [HIGH] CWE-121 CVE-2021-3057: A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.9 on Windows; GlobalProtect app 5.2 versio
nvd
CVE-2025-0118P3HIGHCVSS 8.0≥ 6.2.0, < 6.2.5≥ 6.1.0, < 6.1.6+1 more2025-03-12
CVE-2025-0118 [HIGH] CWE-618 CVE-2025-0118: A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to r A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious
nvd
CVE-2024-9473P3HIGHCVSS 7.8v5.1v6.0+3 more2024-10-09
CVE-2024-9473 [HIGH] CWE-250 CVE-2024-9473: A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.
nvd
CVE-2022-0017P3HIGHCVSS 7.8≥ 5.2, < 5.2.5≥ 5.1, < 5.1.102022-02-10
CVE-2022-0017 [HIGH] CWE-59 CVE-2022-0017: An improper link resolution before file access ('link following') vulnerability exists in the Palo A An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than G
nvd
CVE-2024-5915P3HIGHCVSS 7.8v5.1v6.0+3 more2024-08-14
CVE-2024-5915 [HIGH] CWE-732 CVE-2024-5915: A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows dev A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.
nvd
CVE-2022-0016P3HIGHCVSS 7.8≥ 5.2, < 5.2.92022-02-10
CVE-2022-0016 [HIGH] CWE-703 CVE-2022-0016: An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier
nvd
CVE-2025-0141P3HIGHCVSS 8.4≥ 6.3.0, < 6.3.3-h1 (6.3.3-c650)≥ 6.2.0, < 6.2.8-h2 (6.2.8-c243)+3 more2025-07-09
CVE-2025-0141 [HIGH] CWE-426 CVE-2025-0141: An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enab An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
nvd
CVE-2023-0009P3HIGHCVSS 7.8≥ 6.1, < 6.1.1≥ 6.0, < 6.0.5+1 more2023-06-14
CVE-2023-0009 [HIGH] CWE-807 CVE-2023-0009: A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windo A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.
nvd
CVE-2024-5908P3HIGHCVSS 7.5≥ 5.1.0, < 5.1.12≥ 6.0.0, < 6.0.8+2 more2024-06-12
CVE-2024-5908 [HIGH] CWE-532 CVE-2024-5908: A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user cre A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are expo
nvd
CVE-2024-8687P3HIGHCVSS 7.1≥ 5.1.0, < 5.1.12≥ 5.2.0, < 5.2.13+3 more2024-09-11
CVE-2024-8687 [HIGH] CWE-497 CVE-2024-8687: An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a Gl An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall, disable, or disconnect GlobalProtect even if the Global
nvd
CVE-2025-0120P4HIGHCVSS 7.0≥ 6.3.0, < 6.3.3≥ 6.2.0, < 6.2.8+2 more2025-04-11
CVE-2025-0120 [HIGH] CWE-250 CVE-2025-0120: A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app o A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerab
nvd
CVE-2024-2432P4HIGHCVSS 7.0≥ 5.1, < 5.1.12≥ 6.0, < 6.0.8+2 more2024-03-13
CVE-2024-2432 [HIGH] CWE-269 CVE-2024-2432: A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows dev A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.
nvd
CVE-2026-0251P4MEDIUMCVSS 5.9≥ 6.3.0, < 6.3.3-h9 (6.3.3-999)≥ 6.2.0, < 6.2.8-h10 (6.2.8-948)+3 more2026-05-13
CVE-2026-0251 [MEDIUM] CWE-426 CVE-2026-0251: Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app all Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges. The GlobalProtect app on iOS, Android, Chro
nvd
CVE-2022-0018P4MEDIUMCVSS 6.5≥ 5.2, < 5.2.9≥ 5.1, < 5.1.102022-02-10
CVE-2022-0018 [MEDIUM] CWE-201 CVE-2022-0018: An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when conn
nvd
CVE-2026-0250P4MEDIUMCVSS 5.2≥ 6.3.0, < 6.3.3-h9 (6.3.3-999)≥ 6.2.0, < 6.2.8-h10 (6.2.8-948)+5 more2026-05-13
CVE-2026-0250 [MEDIUM] CWE-787 CVE-2026-0250: A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a m A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a man in the middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. This vulnerability is triggered during the processing of requests and responses exchanged between Portal and Gateway. The GlobalProtec
nvd
CVE-2020-2032P4HIGHCVSS 7.0≥ 5.1, < 5.1.4≥ 5.0, < 5.0.102020-06-10
CVE-2020-2032 [HIGH] CWE-367 CVE-2020-2032: A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limite A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect ap
nvd
CVE-2023-0006P4MEDIUMCVSS 6.3≥ 6.0, < 6.0.4≥ 6.1, < 6.1.1+1 more2023-04-12
CVE-2023-0006 [MEDIUM] CWE-367 CVE-2023-0006: A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices e A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.
nvd
CVE-2020-2033P4MEDIUMCVSS 5.3≥ 5.1, < 5.1.4≥ 5.0, < 5.0.102020-06-10
CVE-2020-2033 [MEDIUM] CWE-290 CVE-2020-2033: When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks Glob When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalPro
nvd
Palo Alto Networks Globalprotect App vulnerabilities | cvebase