Home

Description

A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.

PUBLISHED Reserved 2024-10-03 | Published 2024-10-09 | Updated 2024-10-18 | Assigner palo_alto




MEDIUM: 5.2CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:C/RE:M/U:Amber

Problem types

CWE-250 Execution with Unnecessary Privileges

Product status

Default status
unaffected

5.1
affected

6.0
affected

6.1
affected

6.2.0 (custom) before 6.2.5
affected

6.3
affected

Timeline

2024-10-09:Initial publication

Credits

Michael Baer of SEC Consult Vulnerability Lab finder

Marc Barrantes of KPMG Spain finder

References

seclists.org/fulldisclosure/2024/Oct/2

security.paloaltonetworks.com/CVE-2024-9473 vendor-advisory

sec-consult.com/...ller-in-palo-alto-networks-globalprotect/ third-party-advisory exploit

cve.org (CVE-2024-9473)

nvd.nist.gov (CVE-2024-9473)

Download JSON