CVE-2020-1988 MEDIUM

CVE-2020-1988: Global Protect Agent: Local privilege escalation due to an unquoted search path vulnerability

Vendor Palo Alto Networks
Product Global Protect Agent
Weakness CWE-428
Published April 8, 2020
Last update September 16, 2024

CVSS base score

4.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;

Key dates

02Disclosure timeline

April 8, 2020 CVE published
September 16, 2024 Record updated