CVE-2022-0017: 
Palo Alto Networks GlobalProtect Agent vulnerability analysis and mitigation

An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. The vulnerability (CVE-2022-0017) was discovered by Christophe Schleypen of NATO Cyber Security Centre Pentesting and disclosed on February 9, 2022. This issue impacts GlobalProtect app 5.1 versions earlier than 5.1.10 and GlobalProtect app 5.2 versions earlier than 5.2.5 on Windows platforms (Palo Alto).

The vulnerability is classified as an improper link resolution before file access vulnerability (CWE-59). It received a CVSSv3.1 Base Score of 7.0 (HIGH) with the following metrics: Attack Vector: LOCAL, Attack Complexity: HIGH, Privileges Required: LOW, User Interaction: NONE, Scope: UNCHANGED, Confidentiality Impact: HIGH, Integrity Impact: HIGH, Availability Impact: HIGH (Palo Alto).

If successfully exploited, this vulnerability could allow an attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. The vulnerability affects only Windows installations of the GlobalProtect app (Palo Alto).

The vulnerability has been fixed in GlobalProtect app 5.1.10 on Windows, GlobalProtect app 5.2.5 on Windows, and all later GlobalProtect app versions. There are no known workarounds for this issue (Palo Alto).