CVE-2023-0006: 
Palo Alto Networks GlobalProtect Agent vulnerability analysis and mitigation

A local file deletion vulnerability was discovered in the Palo Alto Networks GlobalProtect app on Windows devices (CVE-2023-0006). The vulnerability enables a user to delete system files from the endpoint with elevated privileges through a race condition. This issue affects multiple versions of GlobalProtect App including versions 6.1, 6.0, 5.2, and 5.1 on Windows devices (Palo Alto Advisory).

The vulnerability is classified as a Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367). It has been assigned a CVSSv3.1 Base Score of 6.3 (MEDIUM) with the following metrics: Attack Vector: LOCAL, Attack Complexity: HIGH, Privileges Required: LOW, User Interaction: NONE, Scope: UNCHANGED, Confidentiality Impact: NONE, Integrity Impact: HIGH, Availability Impact: HIGH (Palo Alto Advisory).

The vulnerability allows local users to delete system files from the Windows endpoint with elevated privileges. This can potentially impact system integrity and availability by enabling unauthorized file deletion operations (Palo Alto Advisory).

The vulnerability has been fixed in GlobalProtect app versions 5.1.12, 5.2.13, 6.0.4, 6.1.1, and all later GlobalProtect app versions on Windows devices. Users are advised to upgrade to these patched versions to mitigate the vulnerability (Palo Alto Advisory).