CVE-2023-0009: 
Palo Alto Networks GlobalProtect Agent vulnerability analysis and mitigation

A local privilege escalation (PE) vulnerability was discovered in the Palo Alto Networks GlobalProtect app on Windows, identified as CVE-2023-0009. The vulnerability enables a local user to execute programs with elevated privileges. This security issue was discovered by Mohammad Arman from Zurich Insurance and was publicly disclosed on June 14, 2023 (Palo Alto).

The vulnerability has been assigned a CVSSv3.1 Base Score of 7.8 (HIGH) with the following metrics: Attack Vector: LOCAL, Attack Complexity: LOW, Privileges Required: LOW, User Interaction: NONE, Scope: UNCHANGED, and Impact scores of HIGH for Confidentiality, Integrity, and Availability. The weakness type is classified as CWE-807: Reliance on Untrusted Inputs in a Security Decision (Palo Alto).

If exploited, this vulnerability allows local users to execute programs with elevated privileges, potentially compromising the system's security by gaining unauthorized access to sensitive resources and performing privileged operations (Palo Alto).

The vulnerability has been fixed in multiple versions of the GlobalProtect app: version 5.1.12, 5.2.13, 6.0.5, 6.1.1, and all later versions. Users are advised to update to these fixed versions to remediate the vulnerability. No alternative workarounds have been provided (Palo Alto).