PT-2020-3485 · Microsoft+1 · Windows+1

Rich Mirch

Published

2020-06-10

Updated

2020-06-16

CVE-2020-2032

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app versions prior to 5.0.10 on Windows Palo Alto Networks GlobalProtect app versions prior to 5.1.4 on Windows

Description The issue exists due to insufficient checking of a shared resource's state, leading to a race condition vulnerability. This vulnerability can be exploited by a local limited Windows user to execute programs with SYSTEM privileges, but only during a GlobalProtect app upgrade.

Recommendations For GlobalProtect app versions prior to 5.0.10 on Windows, update to version 5.0.10 or later. For GlobalProtect app versions prior to 5.1.4 on Windows, update to version 5.1.4 or later.

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

BDU:2020-03809

CVE-2020-2032

Affected Products

Globalprotect

Windows

PT-2020-3485 · Microsoft+1 · Windows+1

CVE-2020-2032

Weakness Enumeration

Related Identifiers

Affected Products

References · 4