PT-2020-3407 · Palo Alto Networks+1 · Globalprotect Agent+1

Matthew Batten

Published

2020-04-08

Updated

2020-04-09

CVE-2020-1988

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect Agent versions prior to 5.0.5 Palo Alto Networks GlobalProtect Agent 4.1 versions prior to 4.1.13 on Windows

Description The issue is related to an unquoted search path vulnerability in the Windows release of Global Protect Agent. This vulnerability allows an authenticated local user with file creation privileges on the root of the OS disk or to the Program Files directory to gain system privileges.

Recommendations For versions prior to 5.0.5, update to version 5.0.5 or later. For 4.1 versions prior to 4.1.13 on Windows, update to version 4.1.13 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-428

Related Identifiers

BDU:2020-03730

CVE-2020-1988

Affected Products

Globalprotect Agent

Windows

PT-2020-3407 · Palo Alto Networks+1 · Globalprotect Agent+1

CVE-2020-1988

Weakness Enumeration

Related Identifiers

Affected Products

References · 4