Description
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Affected products
- Palo Alto Networks / globalprotect_app6.0 – 6.0.4
- Palo Alto Networks / globalprotect_app6.1 – 6.1.1
- Palo Alto Networks / globalprotect_app5.2 – 5.2.13