PT-2022-12953 · Palo Alto Networks · Globalprotect

Adam Crosser

Published

2022-02-10

Updated

2022-02-17

CVE-2022-0016

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Palo Alto Networks GlobalProtect app versions earlier than 5.2.9

Description An improper handling of exceptional conditions issue exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app. This enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. The issue impacts the GlobalProtect app on Windows and MacOS.

Recommendations For GlobalProtect app versions earlier than 5.2.9, update to version 5.2.9 or later to resolve the issue. As a temporary workaround, consider disabling the Connect Before Logon feature until a patch is available. Restrict access to the GlobalProtect app on Windows and MacOS to minimize the risk of exploitation.

Fix

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755CWE-703

Related Identifiers

CVE-2022-0016

Affected Products

Globalprotect

PT-2022-12953 · Palo Alto Networks · Globalprotect

CVE-2022-0016

Weakness Enumeration

Related Identifiers

Affected Products

References · 5