A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.
Weakness
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Globalprotect | Paloaltonetworks | 5.1 (including) | 6.2.5 (excluding) |
| Globalprotect | Paloaltonetworks | 6.3.0 (including) | 6.3.0 (including) |
| Globalprotect | Paloaltonetworks | 6.3.1 (including) | 6.3.1 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/104.html
- https://cwe.mitre.org/data/definitions/470.html
- https://cwe.mitre.org/data/definitions/69.html