Security Advisory: Local Privilege Escalation in GlobalProtect Agent for Windows

Started by icecream-guy, October 16, 2019, 05:24:10 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

icecream-guy

October 16, 2019, 05:24:10 AM
Local Privilege Escalation in GlobalProtect Agent for Windows
Last revised: 10/15/2019

Summary
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows auto-update feature that can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. (Ref # GPC-8977, CVE-2019-17435)

Severity: Medium
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.

Products Affected
GlobalProtect Agent 5.0.3 and earlier for Windows and GlobalProtect Agent 4.1.12 and earlier for Windows.

Available Updates
GlobalProtect Agent 4.1.13 and later for Windows and GlobalProtect Agent 5.0.4 and later for Windows.

Workarounds and Mitigations
N/A

Acknowledgments
Palo Alto Networks would like to thank Hanno Heinrichs of CrowdStrike Intelligence for reporting this issue.
:professorcat:

My Moral Fibers have been cut.
Print
Go Up Pages1
User actions