CVE-2024-9473
Vulnerability from cvelistv5
Published
2024-10-09 17:07
Modified
2024-10-18 11:59
Severity ?
EPSS score ?
Summary
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Palo Alto Networks | GlobalProtect App |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:paloaltonetworks:globalprotect:5.1.0:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "globalprotect", "vendor": "paloaltonetworks", "versions": [ { "status": "affected", "version": "5.1.0" } ] }, { "cpes": [ "cpe:2.3:a:paloaltonetworks:globalprotect:6.0.0:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "globalprotect", "vendor": "paloaltonetworks", "versions": [ { "status": "affected", "version": "6.0.0" } ] }, { "cpes": [ "cpe:2.3:a:paloaltonetworks:globalprotect:6.1.0:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "globalprotect", "vendor": "paloaltonetworks", "versions": [ { "status": "affected", "version": "6.1.0" } ] }, { "cpes": [ "cpe:2.3:a:paloaltonetworks:globalprotect:6.3.0:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "globalprotect", "vendor": "paloaltonetworks", "versions": [ { "status": "affected", "version": "6.3.0" } ] }, { "cpes": [ "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*" ], "defaultStatus": "unaffected", "product": "globalprotect", "vendor": "paloaltonetworks", "versions": [ { "lessThan": "6.2.5", "status": "affected", "version": "6.2.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-9473", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T12:53:19.159087Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-15T13:00:52.468Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-10-10T06:03:45.155Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Oct/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.5:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.4:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.10:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.8:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.5:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.4:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.12:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.11:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.10:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.9:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.8:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.7:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.6:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.5:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.4:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.3:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.2:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1:-:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "GlobalProtect App", "vendor": "Palo Alto Networks", "versions": [ { "status": "affected", "version": "5.1" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.1" }, { "changes": [ { "at": "6.2.5", "status": "unaffected" } ], "lessThan": "6.2.5", "status": "affected", "version": "6.2.0", "versionType": "custom" }, { "status": "affected", "version": "6.3" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Michael Baer of SEC Consult Vulnerability Lab" }, { "lang": "en", "type": "finder", "value": "Marc Barrantes of KPMG Spain" } ], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect." } ], "value": "A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept for this issue is publicly available.\u003cbr\u003e" } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept for this issue is publicly available." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.2, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-18T11:59:17.267Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://security.paloaltonetworks.com/CVE-2024-9473" }, { "tags": [ "third-party-advisory", "exploit" ], "url": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-palo-alto-networks-globalprotect/" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in GlobalProtect app 6.2.5, and will be fixed in the remaining supported versions of GlobalProtect app listed in the Product Status section. Updates will be published to this advisory as they become available.\u003cbr\u003e\u003cbr\u003eCustomers who want to upgrade should reach out to customer support at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com\"\u003ehttps://support.paloaltonetworks.com\u003c/a\u003e.\u003cbr\u003e" } ], "value": "This issue is fixed in GlobalProtect app 6.2.5, and will be fixed in the remaining supported versions of GlobalProtect app listed in the Product Status section. Updates will be published to this advisory as they become available.\n\nCustomers who want to upgrade should reach out to customer support at https://support.paloaltonetworks.com ." } ], "source": { "defect": [ "GPC-19493", "GPC-21211" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2024-10-09T16:00:00.000Z", "value": "Initial publication" } ], "title": "GlobalProtect App: Local Privilege Escalation (PE) Vulnerability", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2024-9473", "datePublished": "2024-10-09T17:07:00.981Z", "dateReserved": "2024-10-03T11:35:19.552Z", "dateUpdated": "2024-10-18T11:59:17.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-9473\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2024-10-09T17:15:21.230\",\"lastModified\":\"2024-10-17T06:15:04.983\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de escalada de privilegios en la aplicaci\u00f3n Palo Alto Networks GlobalProtect en Windows permite que un usuario de Windows no administrativo autenticado localmente escale sus privilegios a NT AUTHORITY/SYSTEM mediante el uso de la funcionalidad de reparaci\u00f3n ofrecida por el archivo .msi utilizado para instalar GlobalProtect.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"LOW\",\"vulnerableSystemAvailability\":\"NONE\",\"subsequentSystemConfidentiality\":\"HIGH\",\"subsequentSystemIntegrity\":\"HIGH\",\"subsequentSystemAvailability\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NO\",\"recovery\":\"USER\",\"valueDensity\":\"CONCENTRATED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\",\"baseScore\":5.2,\"baseSeverity\":\"MEDIUM\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"5.1\",\"versionEndExcluding\":\"6.2.5\",\"matchCriteriaId\":\"7E2CBAA4-7E71-4769-BBD6-6AF13714E565\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:globalprotect:6.3.0:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"CF300947-06F7-4027-B57A-1F3388233670\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:globalprotect:6.3.1:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"11061375-2C2C-47B4-A3ED-B1DA70F96642\"}]}]}],\"references\":[{\"url\":\"https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-palo-alto-networks-globalprotect/\",\"source\":\"psirt@paloaltonetworks.com\"},{\"url\":\"https://security.paloaltonetworks.com/CVE-2024-9473\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.