CVE-2024-9473 MEDIUM

CVE-2024-9473: GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Vendor Palo Alto Networks
Product GlobalProtect App
Weakness CWE-250
Published October 9, 2024
Last update October 18, 2024

CVSS base score

5.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01Description

A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.

Key dates

02Disclosure timeline

October 9, 2024 CVE published
October 18, 2024 Record updated