PT-2020-3408 · Palo Alto Networks · Global Protect Agent For Linux

Published: 2020-04-08 · Updated: 2020-04-09 · CVE-2020-1989

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Palo Alto Networks Global Protect Agent for Linux versions prior to 5.0.8
Palo Alto Networks Global Protect Agent for Linux versions prior to 5.1.1

Description

The issue is caused by incorrect privilege management in the Global Protect Agent for Linux, which allows a local authenticated user to elevate their privileges to root. The vulnerability is exploitable when the application writes specific files on the ARM platform.

Recommendations

For versions prior to 5.0.8, update to version 5.0.8 or later. For versions prior to 5.1.1, update to version 5.1.1 or later.

Fix

Incorrect Privilege Assignment

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2020-03731
CVE-2020-1989

Affected Products

Global Protect Agent For Linux