Headline
CVE-2019-17435: Local Privilege Escalation in GlobalProtect App for Windows
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.
Palo Alto Networks Security Advisories / CVE-2019-17435
Attack Vector: LOCAL
Scope: UNCHANGED
Attack Complexity: LOW
Confidentiality Impact: NONE
Privileges Required: LOW
Integrity Impact: HIGH
User Interaction: NONE
Availability Impact: NONE
Published: 2019-10-15
Updated
Reference: GPC-8977, PAN-SA-2019-0036
Discovered externally
Description
A Local Privilege Escalation vulnerability exists in the GlobalProtect App for Windows auto-update feature that can allow for modification of a GlobalProtect App MSI installer package on disk before installation. (Ref # GPC-8977, CVE-2019-17435)
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.
This issue affects GlobalProtect App 5.0.3 and earlier for Windows and GlobalProtect App 4.1.12 and earlier for Windows.
Product Status
Versions               Affected     Unaffected
GlobalProtect App 5.0  <= 5.0.3     >= 5.0.4
GlobalProtect App 4.1  <= 4.1.12    >= 4.1.13
Severity: MEDIUM
CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
Weakness Type
CWE-269 Improper Privilege Management
Solution
This issue is fixed in GlobalProtect App 4.1.13 and later for Windows and GlobalProtect App 5.0.4 and later for Windows.
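To find Windows endpoints that still need the upgrade, the version boundaries in the Product Status table can be checked against a software inventory. The Python below is an added example, not part of the advisory or any Palo Alto Networks code; the inventory format, the hostnames and the handling of an optional "-<build>" suffix are assumptions.

```python
import re

# Boundaries taken from the advisory's Product Status table.
# Key: release branch (major, minor); value: first unaffected version.
FIXED_IN = {
    (5, 0): (5, 0, 4),
    (4, 1): (4, 1, 13),
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:-\d+)?\s*$")


def parse_version(text):
    """Return (major, minor, patch); a trailing '-<build>' is ignored (assumed format)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def status(version_text):
    """Classify one installed Windows app version against the advisory."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparsed"
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return "not-listed"  # the advisory makes no statement about this branch
    return "affected" if version < fixed else "unaffected"


def triage(inventory):
    """inventory: iterable of (hostname, version). Returns hosts to upgrade or review."""
    report = {"affected": [], "review": []}
    for host, ver in inventory:
        s = status(ver)
        if s != "unaffected":
            report["affected" if s == "affected" else "review"].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = [
    ("ws-001", "5.0.3"), ("ws-002", "5.0.4"),
    ("ws-003", "4.1.12-5"), ("ws-004", "4.1.13"),
    ("ws-005", "4.0.8"), ("ws-006", "unknown"),
]
```

Hosts on a branch the advisory does not list, or with a version string that cannot be parsed, land in "review" rather than being assumed safe.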
Workarounds and Mitigations
N/A
Acknowledgments
Palo Alto Networks would like to thank Hanno Heinrichs of CrowdStrike Intelligence for reporting this issue.