Palo Alto Networks 的 GlobalProtect 应用程序存在一个安全漏洞，允许非特权用户在允许用户使用密码禁用 GlobalProtect 的配置中，无需密码即可禁用 GlobalProtect 应用程序。该漏洞仅在将“允许用户禁用 GlobalProtect 应用程序”设置为“允许使用密码”时才会出现。用户应检查其防火墙 Web 界面中的此设置，并根据需要采取适当措施。

😄 **漏洞描述:** CVE-2024-2431 影响 Palo Alto Networks 的 GlobalProtect 应用程序，允许非特权用户在允许用户使用密码禁用 GlobalProtect 的配置中，无需密码即可禁用 GlobalProtect 应用程序。

🤔 **受影响的版本:** 该漏洞影响 GlobalProtect 应用程序的多个版本，包括 5.1、5.2、6.0 和 6.1 的某些版本。

🛡️ **解决方案:** Palo Alto Networks 已发布了针对此漏洞的修复程序。建议用户升级到 GlobalProtect 应用程序的最新版本，以缓解此漏洞。

⚠️ **缓解措施:** 为了缓解此漏洞，用户可以将“允许用户禁用 GlobalProtect 应用程序”设置为“不允许”或“允许使用票证”。

🤝 **致谢:** Palo Alto Networks 感谢 AIG Red Team 和 Stephen Collyer 发现并报告了此漏洞。

Palo Alto Networks Security Advisories /CVE-2024-2431CVE-2024-2431 GlobalProtect App: Local User Can Disable GlobalProtectUrgencyMODERATEResponse EffortLOWRecoveryUSERValue DensityDIFFUSEAttack VectorLOCALAttack ComplexityLOWAttack RequirementsPRESENTAutomatableYESUser InteractionNONEProduct ConfidentialityNONEProduct IntegrityNONEProduct AvailabilityHIGHPrivileges RequiredLOWSubsequent ConfidentialityNONESubsequent IntegrityNONESubsequent AvailabilityNONENVDJSON Published2024-03-13 Updated2024-03-13ReferenceGPC-15349DiscoveredexternallyDescriptionAn issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app without needing the passcode in configurations that allow a user to disable GlobalProtect with a passcode.Product StatusVersionsAffectedUnaffectedGlobalProtect App 6.2NoneAllGlobalProtect App 6.1< 6.1.1>= 6.1.1GlobalProtect App 6.0< 6.0.4>= 6.0.4GlobalProtect App 5.2< 5.2.13>= 5.2.13GlobalProtect App 5.1< 5.1.12>= 5.1.12Required Configuration for ExposureThis is an issue only if "Allow User to Disable GlobalProtect App" is set to "Allow with Passcode". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed.Severity:MEDIUMCVSSv4.0Base Score:5.7 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber)Exploitation StatusPalo Alto Networks is not aware of any malicious exploitation of this issue.Weakness TypeCWE-269 Improper Privilege ManagementSolutionThis issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.Workarounds and MitigationsYou can mitigate this issue by setting "Allow User to Disable GlobalProtect App" to "Disallow" or "Allow with Ticket."AcknowledgmentsPalo Alto Networks thanks AIG Red Team and Stephen Collyer for discovering and reporting this issue.Timeline2024-03-13Initial publication