Palo Alto Networks Security Advisories / CVE-2024-2432

CVE-2024-2432 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Urgency: MODERATE
Response Effort: LOW
Recovery: AUTOMATIC
Value Density: DIFFUSE
Attack Vector: LOCAL
Attack Complexity: HIGH
Attack Requirements: PRESENT
Automatable: NO
User Interaction: NONE
Product Confidentiality: LOW
Product Integrity: LOW
Product Availability: LOW
Privileges Required: LOW
Subsequent Confidentiality: HIGH
Subsequent Integrity: HIGH
Subsequent Availability: HIGH

Published: 2024-03-13
Updated: 2024-03-18
Reference: GPC-18129
Discovered: externally

Description

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

Product Status

Versions                 Affected               Unaffected
GlobalProtect App 6.2    < 6.2.1 on Windows     >= 6.2.1 on Windows
GlobalProtect App 6.1    < 6.1.2 on Windows     >= 6.1.2 on Windows
GlobalProtect App 6.0    < 6.0.8 on Windows     >= 6.0.8 on Windows
GlobalProtect App 5.1    < 5.1.12 on Windows    >= 5.1.12 on Windows

Severity: MEDIUM

CVSSv4.0 Base Score: 5.2 (CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:L/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept for this issue is publicly available.

Weakness Type

CWE-269 Improper Privilege Management

Solution

This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 6.0.8, GlobalProtect app 6.1.2, GlobalProtect app 6.2.1, and all later GlobalProtect app versions on Windows.

Acknowledgments

Palo Alto Networks thanks Erwin Chan for discovering and reporting this issue.

Timeline

2024-03-18  Updated Exploitation Status section to indicate availability of a proof of concept
2024-03-13  Initial publication
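Added example (not part of the Palo Alto Networks advisory): a small triage script that applies the Product Status ranges above to an endpoint inventory, comparing versions numerically so that 5.1.9 is correctly treated as older than 5.1.12. The inventory rows, host names, the optional "-build" suffix on version strings and the status labels are assumptions made for illustration.

```python
import re

# First fixed release per branch, copied from the advisory's Product Status table.
FIXED = {(6, 2): (6, 2, 1), (6, 1): (6, 1, 2), (6, 0): (6, 0, 8), (5, 1): (5, 1, 12)}

def parse_version(text):
    """Return (major, minor, patch) from '6.0.7' or '6.0.7-601'.
    The trailing build suffix is an assumed inventory format, ignored here."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)(?:[-.]\d+)?\s*$", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def status(os_name, version):
    """Classify one install as 'affected', 'unaffected' or 'not-listed'."""
    # The advisory only makes statements about the app on Windows.
    if not os_name.strip().lower().startswith("windows"):
        return "not-listed"
    ver = parse_version(version)
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return "not-listed"  # branch absent from the table: check with the vendor
    # Tuple comparison is numeric per component, unlike a string comparison.
    return "affected" if ver < fixed else "unaffected"

def triage(rows):
    """rows: iterable of (host, os, version). Returns {host: status}."""
    out = {}
    for host, os_name, version in rows:
        try:
            out[host] = status(os_name, version)
        except ValueError:
            out[host] = "unparsed"  # needs manual review, never assume safe
    return out

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    ("ws-001", "Windows 11", "6.2.0"),
    ("ws-002", "Windows 10", "6.0.8-601"),
    ("ws-003", "Windows 10", "5.1.9"),
    ("ws-004", "Windows 10", "5.1.12"),
    ("mac-01", "macOS 14", "6.0.7"),
    ("ws-005", "Windows 11", "6.3.0"),
    ("ws-006", "Windows 10", "unknown"),
]

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}\t{result}")
```

Hosts reported as "not-listed" or "unparsed" are outside what the advisory states and should be reviewed by hand rather than counted as fixed.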