CVE-2024-5915

Incorrect Permission Assignment for Critical Resource (CWE-732)

Published: Aug 14, 2024 / Updated: 3mo ago

CVSS 5.2 / EPSS 0.04% / Medium

Summary

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.

Impact

This vulnerability allows a local user with low privileges to execute programs with elevated privileges on Windows devices running the affected versions of Palo Alto Networks GlobalProtect app. This could lead to unauthorized access to sensitive system resources, data manipulation, and potential compromise of the entire system. The vulnerability has a high impact on confidentiality, integrity, and availability of the affected system.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Palo Alto Networks has released security updates to address this vulnerability.

Mitigation

1. Update the Palo Alto Networks GlobalProtect app to the latest patched version.
2. For GlobalProtect 5.1.x, upgrade to version 5.1.10 or later.
3. For GlobalProtect 6.0.x, upgrade to version 6.0.7 or later.
4. For GlobalProtect 6.1.x, upgrade to version 6.1.5 or later.
5. For GlobalProtect 6.2.x, upgrade to version 6.2.4 or later.
6. For GlobalProtect 6.3.0, upgrade to version 6.3.1 or later.
7. Implement the principle of least privilege to limit user access rights.
8. Monitor system activities and logs for any suspicious behavior.
9. Implement additional access controls and authentication mechanisms where possible.
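The upgrade thresholds above can be applied to a software inventory with a short script. This is an added example, not vendor or Feedly code: the host names, the inventory rows and the `-build` suffix on version strings are constructed assumptions. Versions are compared numerically, because a plain string comparison would rank 5.1.9 above 5.1.10.

```python
import re

# Fixed releases per branch, taken from the mitigation list above.
FIXED = {
    (5, 1): (5, 1, 10),
    (6, 0): (6, 0, 7),
    (6, 1): (6, 1, 5),
    (6, 2): (6, 2, 4),
    (6, 3): (6, 3, 1),
}

def parse_version(text):
    """Return (major, minor, patch) from '6.2.3' or '6.2.3-270' (suffix format assumed)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def assess(version_text):
    """Classify one installed GlobalProtect version against the fixed releases."""
    try:
        ver = parse_version(version_text)
    except ValueError:
        return "unparsed"            # needs manual follow-up
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        return "unlisted branch"     # branch not in the list above; check the vendor advisory
    if ver >= fixed:                 # tuple comparison is numeric: (6, 2, 10) > (6, 2, 4)
        return "patched"
    return "upgrade to " + ".".join(str(n) for n in fixed)

# Constructed inventory rows (hostname, reported app version).
INVENTORY = [
    ("WS-0101", "5.1.9"),
    ("WS-0102", "6.0.7"),
    ("WS-0103", "6.1.4-12"),
    ("WS-0104", "6.2.10"),
    ("WS-0105", "6.3.0"),
    ("WS-0106", "5.2.13"),
    ("WS-0107", "unknown"),
]

def report(inventory):
    """Map each host to its assessment."""
    return {host: assess(version) for host, version in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {status}")
```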

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber

Timeline

First Article

Feedly found the first article mentioning CVE-2024-5915.

Aug 14, 2024 at 5:24 PM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Aug 14, 2024 at 5:24 PM

Threat Intelligence Report

CVE-2024-5915 is a critical local privilege escalation vulnerability in the GlobalProtect app for Windows, with a high risk of system-wide compromise. This flaw allows a local user to execute programs with elevated privileges, potentially leading to administrative control over the system. There are currently no proof-of-concept exploits available, but users are advised to apply patches or mitigations provided by the vendor to prevent exploitation.

Sep 3, 2024 at 3:46 PM

Affected Systems

Paloaltonetworks/globalprotect

Patches

security.paloaltonetworks.com

Links to MITRE ATT&CK

T1574.010: Services File Permissions Weakness

Attack Patterns

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

References

CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats
CERT-In has issued a critical advisory highlighting vulnerabilities in multiple Palo Alto Networks applications, including GlobalProtect, Cloud NGFW, PAN-OS, and Cortex XSOAR. Recommended actions include upgrading affected software, restricting access, using threat detection tools, and staying vigilant against sophisticated malware campaigns like WikiLoader.

News

Snac Fediverse Instance
You can have an updated security advisory, as a treat: Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability CVE-2024-20381 (8.8 high, disclosed 11 September 2024) was updated for "Clarified affected products and vulnerable configuration." CVE-2024-43491 ( 9.8 critical ) Microsoft Windows Update Remote Code Execution Vulnerability (EXPLOITED)
CERT-In Advisory and WikiLoader Campaign: Comprehensive Overview of Recent Security Threats
CERT-In has issued a critical advisory highlighting vulnerabilities in multiple Palo Alto Networks applications, including GlobalProtect, Cloud NGFW, PAN-OS, and Cortex XSOAR. Recommended actions include upgrading affected software, restricting access, using threat detection tools, and staying vigilant against sophisticated malware campaigns like WikiLoader.
CERT-IN Warns About Vulnerabilities In Palo Alto Networks
These vulnerabilities could allow attackers to gain unauthorized access to systems, steal sensitive information, and potentially execute malicious code. A critical vulnerability exists in older versions of the Palo Alto Networks GlobalProtect app, a software solution that enables secure remote access to corporate networks.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
