Description
A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms.
CVSS breakdown
CVSS 4.0
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Present
Privileges Required: None
User Interaction: Active
Confidentiality (Vulnerable System): High
Integrity (Vulnerable System): Low
Availability (Vulnerable System): High
Confidentiality (Subsequent System): Low
Integrity (Subsequent System): Low
Availability (Subsequent System): Low
Supplemental metrics
Automatable (AU): None
Recovery (R): Unchanged
Value Density (V): D (Diffuse)
Vulnerability Response Effort (RE): M (Moderate)
Provider Urgency (U): Amber
Affected products
- Palo Alto Networks / GlobalProtect UWP App: All – All
- paloaltonetworks / globalprotect_app: 6.2.3 – 6.2.3
- paloaltonetworks / globalprotect_app: 6.2.2 – 6.2.2
- paloaltonetworks / globalprotect_app: 6.2.1 – 6.2.1
- paloaltonetworks / globalprotect_app: 6.2.0 – 6.2.0
- paloaltonetworks / globalprotect_app: 6.1.5 – 6.1.5
- paloaltonetworks / globalprotect_app: 6.1.4 – 6.1.4
- paloaltonetworks / globalprotect_app: 6.1.3 – 6.1.3
- paloaltonetworks / globalprotect_app: 6.1.2 – 6.1.2
- paloaltonetworks / globalprotect_app: 6.1.1 – 6.1.1
- paloaltonetworks / globalprotect_app: 6.2.4 – 6.2.4
- paloaltonetworks / globalprotect_app: 6.0.8 – 6.0.8
- paloaltonetworks / globalprotect_app: 6.0.7 – 6.0.7
- paloaltonetworks / globalprotect_app: 6.0.6 – 6.0.6
- paloaltonetworks / globalprotect_app: 6.0.5 – 6.0.5
- paloaltonetworks / globalprotect_app: 6.0.4 – 6.0.4
- paloaltonetworks / globalprotect_app: 6.0.3 – 6.0.3
- paloaltonetworks / globalprotect_app: 6.0.2 – 6.0.2
- paloaltonetworks / globalprotect_app: 6.0.1 – 6.0.1
- paloaltonetworks / globalprotect_app: 6.0.0 – 6.0.0
- paloaltonetworks / globalprotect_app: 6.1.0 – 6.1.0