Paloalto Globalprotect App vulnerabilities

CVE-2021-3057 [HIGH] CWE-121 GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. Affected products: GlobalProtect App Solution: This issue is fixed

CVE-2021-3038 [MEDIUM] CWE-20 GlobalProtect App: Windows VPN kernel driver denial of service (DoS) GlobalProtect App: Windows VPN kernel driver denial of service (DoS) A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. Affected products: GlobalProtect App Solution: This issue is fixed in GlobalPro

CVE-2020-2032 [HIGH] CWE-367 GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade GlobalProtect App: File race condition vulnerability leads to local privilege escalation during upgrade A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. Affected products: Glob

CVE-2020-2033 [MEDIUM] CWE-290 GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability

CVE-2020-2004 [MEDIUM] CWE-534 GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these condition

CVE-2020-1989 [HIGH] CWE-266 GlobalProtect App: Incorrect privilege assignment allows local privilege escalation GlobalProtect App: Incorrect privilege assignment allows local privilege escalation An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks GlobalProtect App for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks GlobalProtect App for Linux 5.0

CVE-2020-1988 [MEDIUM] CWE-428 GlobalProtect App: Local privilege escalation due to an unquoted search path vulnerability GlobalProtect App: Local privilege escalation due to an unquoted search path vulnerability An unquoted search path vulnerability in the Windows release of GlobalProtect App allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProt

CVE-2020-1987 [LOW] CWE-215 GlobalProtect App: VPN cookie local information disclosure GlobalProtect App: VPN cookie local information disclosure An information exposure vulnerability in the logging component of Palo Alto Networks GlobalProtect App allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks GlobalProtect App 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1. Affected pro

CVE-2020-1976 [MEDIUM] CWE-642 GlobalProtect App: Local denial-of-service (DoS) vulnerability on MacOS GlobalProtect App: Local denial-of-service (DoS) vulnerability on MacOS A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect App running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect App 5.0.5 and earlier versions of GlobalProtect App 5.0 on Mac OS. Affected products: GlobalProtect App Solution

CVE-2019-17436 [HIGH] CWE-269 Local Privilege Escalation in GlobalProtect App for Linux and Mac OS Local Privilege Escalation in GlobalProtect App for Linux and Mac OS A Local Privilege Escalation vulnerability exists in GlobalProtect App for Linux and Mac OSX that can allow non-root users to overwrite root files on the file system. (Ref # GPC-8945, CVE-2019-17436) Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges on the system. This issue

CVE-2019-17435 [MEDIUM] CWE-269 Local Privilege Escalation in GlobalProtect App for Windows Local Privilege Escalation in GlobalProtect App for Windows A Local Privilege Escalation vulnerability exists in the GlobalProtect App for Windows auto-update feature that can allow for modification of a GlobalProtect App MSI installer package on disk before installation. (Ref # GPC-8977, CVE-2019-17435) Successful exploitation of this issue may allow a low-privileged local user to escalate their privile

CVE-2019-1573 [LOW] CWE-200 Information Disclosure in GlobalProtect App Information Disclosure in GlobalProtect App An information disclosure vulnerability exists in the GlobalProtect App for Windows and macOS (VU#192371). Successful exploitation of this issue would allow a local authenticated attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user. An attacker should have already compromised the end user account and gained th

CVE-2017-15870 [MEDIUM] GlobalProtect App Vulnerability GlobalProtect App Vulnerability An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. (ref # GPC-4401 / CVE-2017-15870) Successful exploitation requires local administrative privileges. This issue affects

CVE-2012-6606 [MEDIUM] CWE-310 Man-in-the-middle Vulnerability in GlobalProtect App Man-in-the-middle Vulnerability in GlobalProtect App A vulnerability exists in NetConnect (all version) and GlobalPortect App (1.1.6 and earlier) whereby the agent does not verify the certificate presented by the portal server, enabling a possible Man-in-the-middle attack. This vulnerability can result in an agent connecting to an attacker-controlled server allowing the attacker to receive the username and passw

CVE-2025-4232 [HIGH] CWE-155 GlobalProtect: Authenticated Code Injection Through Wildcard on macOS GlobalProtect: Authenticated Code Injection Through Wildcard on macOS An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root. Affected products: GlobalProtect App Solution: VERSION MINOR VERSION SUGGESTED SOLUTION GlobalProtect App 6.3 on macOS 6.3.

CVE-2024-5921 [HIGH] CWE-295 GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates

CVE-2025-0120 [HIGH] CWE-250 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App: Local Privilege Escalation (PE) Vulnerability A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which make

CVE-2025-0141 [HIGH] CWE-426 GlobalProtect App: Privilege Escalation (PE) Vulnerability GlobalProtect App: Privilege Escalation (PE) Vulnerability An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. The GlobalProtect app on iOS, Android, Chrome OS and GlobalProtect UWP app are not affected. Affected produ

CVE-2025-0117 [HIGH] CWE-807 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability GlobalProtect App: Local Privilege Escalation (PE) Vulnerability A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected. Affected

CVE-2025-0140 [MEDIUM] CWE-266 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App GlobalProtect App: Non Admin User Can Disable the GlobalProtect App An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome