CVE-2020-1989: 
Palo Alto Networks GlobalProtect Agent vulnerability analysis and mitigation

An incorrect privilege assignment vulnerability was discovered in the Palo Alto Networks GlobalProtect App for Linux on ARM platform, identified as CVE-2020-1989. The vulnerability was disclosed on April 8, 2020, affecting GlobalProtect App versions 5.0 (before 5.0.8) and 5.1 (before 5.1.1). This security flaw allows local authenticated users to potentially escalate their privileges to root level on affected systems (Palo Alto Advisory).

The vulnerability is classified as CWE-266 (Incorrect Privilege Assignment) and CWE-269 (Improper Privilege Management). It received a CVSS v3.1 Base Score of 7.8 (High) from NVD with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Palo Alto Networks assessed it with a score of 7.0 (High) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability specifically relates to incorrect privilege assignments when writing application-specific files (NVD, Palo Alto Advisory).

The vulnerability enables a local authenticated user to gain root privileges on the affected system, potentially leading to complete system compromise. This elevation of privileges could allow an attacker to gain full control over the system, affecting the confidentiality, integrity, and availability of the system resources (Palo Alto Advisory).

Palo Alto Networks has addressed this vulnerability by releasing fixed versions: GlobalProtect App 5.0.8 and GlobalProtect App 5.1.1. Users are advised to upgrade to these or later versions as there are no viable workarounds for this issue (Palo Alto Advisory).