Headline
CVE-2019-17436: CVE-2019-17436 Local Privilege Escalation in GlobalProtect App for Linux and Mac OS
A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system.
Palo Alto Networks Security Advisories / CVE-2019-17436
Attack Vector LOCAL
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact NONE
Privileges Required LOW
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH
NVD JSON
Published 2019-10-15
Updated
Reference GPC-8945 PAN-SA-2019-0037
Discovered externally
Description
A Local Privilege Escalation vulnerability exists in GlobalProtect App for Linux and Mac OSX that can allow non-root users to overwrite root files on the file system. (Ref # GPC-8945, CVE-2019-17436)
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges on the system.
This issue affects GlobalProtect App 5.0.4 and earlier for Linux and Mac OS and GlobalProtect App 4.1.12 and earlier for Linux and Mac OS.
Product Status
Versions
Affected
Unaffected
GlobalProtect App 5.0
<= 5.0.4
>= 5.0.5
GlobalProtect App 4.1
<= 4.1.12
>= 4.1.13
Severity:HIGH
CVSSv3.1 Base Score:7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
Weakness Type
CWE-269 Improper Privilege Management
Solution
GlobalProtect App 4.1.13 and later for Linux and Mac OS and GlobalProtect App 5.0.5 and later for Linux and Mac OS.
Workarounds and Mitigations
N/A
Acknowledgments
Palo Alto Networks would like to thank Hanno Heinrichs of CrowdStrike Intelligence for reporting this issue.