CVE-2024-5915: 
Palo Alto Networks GlobalProtect Agent vulnerability analysis and mitigation

A privilege escalation (PE) vulnerability (CVE-2024-5915) was discovered in the Palo Alto Networks GlobalProtect app on Windows devices. This vulnerability enables a local user to execute programs with elevated privileges. The issue affects multiple versions of GlobalProtect App including versions 6.3 (< 6.3.1), 6.2 (< 6.2.4), 6.1 (< 6.1.5), 6.0 (< 6.0.10-c826), and 5.1 (< 5.1.x) on Windows systems (Palo Advisory).

The vulnerability has been assigned a CVSS v4.0 Base Score of 5.2 (MEDIUM) with the following vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:M/U:Amber. The weakness type is identified as CWE-732: Incorrect Permission Assignment for Critical Resource. The vulnerability requires local access and low attack complexity to exploit (Palo Advisory, NVD).

If exploited, this vulnerability allows local users to execute programs with elevated privileges, potentially leading to unauthorized access to system resources and compromise of system integrity. The CVSS metrics indicate high subsequent confidentiality, integrity, and availability impacts (Palo Advisory).

The vulnerability has been fixed in GlobalProtect app versions 5.1.x (ETA: December 2024), 6.0.10-c826, 6.1.5, 6.2.4, 6.3.1, and all later versions on Windows. As a workaround, administrators should ensure that the GlobalProtect installation directory and its contents cannot be modified by non-administrative Windows users (Palo Advisory).

The vulnerability was discovered and reported by multiple security researchers including Ashutosh Gautam/JumpThere, Maciej Miszczyk of Logitech, Will Dormann of ANALYGENCE, Farid Zerrouk, Alaa Kachouh, and Ali Jammal (Palo Advisory).