CVE-2024-2431: 
Palo Alto Networks GlobalProtect Agent vulnerability analysis and mitigation

An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app without needing the passcode in configurations that allow a user to disable GlobalProtect with a passcode. This vulnerability was assigned CVE-2024-2431 and was disclosed on March 13, 2024. The vulnerability affects multiple versions of GlobalProtect App including versions prior to 5.1.12, 5.2.13, 6.0.4, and 6.1.1 (Palo Alto Advisory).

The vulnerability has been assigned a CVSS v4.0 score of 5.7 (MEDIUM) with the following vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber. The issue is classified as CWE-269 (Improper Privilege Management). The vulnerability only manifests when the 'Allow User to Disable GlobalProtect App' setting is configured to 'Allow with Passcode' (Palo Alto Advisory).

When exploited, this vulnerability allows a non-privileged user to bypass the passcode requirement and disable the GlobalProtect app, potentially compromising the security of the organization's VPN connectivity. The vulnerability primarily affects the availability of the application, with no direct impact on confidentiality or integrity (Palo Alto Advisory).

Organizations can mitigate this vulnerability by either upgrading to the fixed versions (GlobalProtect app 5.1.12, 5.2.13, 6.0.4, 6.1.1, or later versions) or by implementing a workaround. The workaround involves setting 'Allow User to Disable GlobalProtect App' to either 'Disallow' or 'Allow with Ticket' (Palo Alto Advisory).