CVE-2024-5915

Description

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

Present

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

Low

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

High

Integrity (Subsequent System)

High

Availability (Subsequent System)

High

None

Adjacent

Amber

Affected products

Palo Alto Networks / globalprotect_app5.1 – 5.1
Palo Alto Networks / globalprotect_app6.0 – 6.0
Palo Alto Networks / globalprotect_app6.1 – 6.1.5
Palo Alto Networks / globalprotect_app6.2 – 6.2.4
Palo Alto Networks / globalprotect_app6.3 – 6.3.1

References

MISChttps://security.paloaltonetworks.com/CVE-2024-5915