Exploit
CVE-2024-2432

Improper Privilege Management (CWE-269)

Published: Mar 13, 2024 / Updated: 8mo ago

010
CVSS 4.5EPSS 0.04%Medium
CVE info copied to clipboard

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Timeline

CVE Assignment

NVD published the first details for CVE-2024-2432

Mar 13, 2024 at 11:15 AM
First Article

Feedly found the first article mentioning CVE-2024-2432. See article

Mar 13, 2024 at 6:21 PM / National Vulnerability Database
EPSS

EPSS Score was set to: 0.04% (Percentile: 7.2%)

Mar 14, 2024 at 2:43 PM
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Mar 15, 2024 at 6:10 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (192152)

Mar 15, 2024 at 8:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379513)

Mar 18, 2024 at 12:00 AM
Static CVE Timeline Graph

Affected Systems

Paloaltonetworks/globalprotect
+null more

Exploits

https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP
+null more

Links to Mitre Att&cks

T1548: Abuse Elevation Control Mechanism
+null more

Attack Patterns

CAPEC-122: Privilege Abuse
+null more

News

Update Mon Jul 8 22:25:17 UTC 2024
Update Mon Jul 8 22:25:17 UTC 2024
Update Sat Jun 15 02:09:42 UTC 2024
Update Sat Jun 15 02:09:42 UTC 2024
Update Fri Apr 26 09:59:13 UTC 2024
Update Fri Apr 26 09:59:13 UTC 2024
[no-title]
10 N CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect none none none none All >= 11.1.2-h3 (See additional hotfixes in Solution section) >= 11.0.4-h1 (See additional hotfixes in Solution section) >= 10.2.9-h1 (See additional hotfixes in Solution section) All All all 2024-04-12 2024-04-15 8.3 N CVE-2024-3383 PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE) none none none none All All >= 11.0.3 >= 10.2.5 >= 10.1.11 All all 2024-04-10 2024-04-10 8.2 N CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 Prisma Access none none none All All >= 11.0.3 >= 10.2.8 >= 10.1.12 >= 9.1.17 >= 9.0.17-h4 All 2024-04-10 2024-04-10 8.2 CVE-2024-3382 PAN-OS: Firewall Denial of Service (DoS) via a Burst of Crafted Packets none none none none All >= 11.1.2 >= 11.0.4 >= 10.2.7-h3 All All all 2024-04-10 2024-04-10 8.2 N CVE-2024-3384 PAN-OS: Firewall Denial of Service (DoS) via Malformed NTLM Packets none none none none All All All >= 10.0.12 >= 9.1.15-h1 >= 9.0.17 >= 8.1.24 all 2024-04-10 2024-04-10 6.9 N CVE-2024-3386 PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 10.0 PAN-OS 9.1 PAN-OS 9.0 Prisma Access none none none All All >= 11.0.1-h2, >= 11.0.2 >= 10.2.4-h2, >= 10.2.5 >= 10.1.9-h3, >= 10.1.10 >= 10.0.13 >= 9.1.17 >= 9.0.17-h2 All 2024-04-10 2024-04-10 6 CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure none none none none All All >= 11.0.4 on Panorama >= 10.2.7-h3 on Panorama, >= 10.2.8 on Panorama >= 10.1.12 on Panorama All all 2024-04-10 2024-04-10 5.1 CVE-2024-3388 PAN-OS: User Impersonation in GlobalProtect SSL VPN Cloud NGFW PAN-OS 11.1 PAN-OS 11.0 PAN-OS 10.2 PAN-OS 10.1 PAN-OS 9.1 PAN-OS 9.0 PAN-OS 8.1 Prisma Access none none All All >= 11.0.3 >= 10.2.7-h3 >= 10.1.11-h4 >= 9.1.17 >= 9.0.17-h4 >= 8.1.26 >= 10.2.4 2024-04-10 2024-04-10 i PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS Versions prior to those listed above 2024-04-10 i PAN-SA-2024-0003 Informational Bulletin:
Security researcher Erwin Chain published proof of Concept for CVE-2024-2432 (4.5 medium, disclosed 13 March 2024) GlobalProtect App: Local Privilege Escalation (LPE) Vulnerability. It allows for arbitrary file delete with elevated privileges via a symbolic link attack. The timeline is a little wonky, but it appears the vulnerability was reported in June 2023, acknowledged 4 months later in October, and patched 5 months after in March 2024 (9 months!) 🔗 https:// github.com/Hagrid29/CVE-2024-2 432-PaloAlto-GlobalProtect-EoP # CVE_2024_2432 # PaloAlto # LPE # vulnerability
See 14 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:High
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:Low
Integrity:Low
Availability Impact:Low

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI