Palo Alto Networks releases security update to address a privilege escalation vulnerability in GlobalProtect App

Threat ID:CC-4580

Threat Severity:Medium

Published:26 November 2024 1:06 PM

Summary

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 6.3

GlobalProtect App

Versions: All versions on Windows

GlobalProtect UWP App

Threat details

Technical Details Released for CVE-2024-5921

Security researchers have released technical details of CVE-2024-5921. This information may be used by attackers to target this vulnerability, increasing the likelihood of successful exploitation.

Introduction

Palo Alto Networks has released a security advisory for an insufficient certification validation vulnerability in the GlobalProtect app tracked as CVE-2024-5921 that could facilitate an attacker connecting the app to arbitrary servers.

CVE-2024-5921 has a CVSSv4.0 score of 5.6 and could be used by an attacker to install malicious root certificates on the endpoint.

An attacker could subsequently use this root certificate to install malicious software signed by the root certificate to facilitate privilege escalation.

Threat updates


27 Nov 2024	Technical Details Released for CVE-2024-5921

Remediation advice

Affected organisations are strongly encouraged to review Palo Alto Networks security advisory and apply the relevant updates as soon as practicable.

Remediation steps


Guidance	Palo Alto Networks advise that this issue can be mitigated by using the GlobalProtect app in FIPS-CC mode. https://security.paloaltonetworks.com/CVE-2024-5921

Definitive source of threat updates

https://security.paloaltonetworks.com/

CVE Vulnerabilities

StatusReserved

CVE-2024-5921

Last edited: 27 November 2024 1:13 pm