Platform: paloalto
Component: globalprotect
Fixed in: 5.1.12, 6.0.8, 6.1.2, 6.2.1
CVE-2024-2432 describes a privilege escalation vulnerability discovered in the Palo Alto Networks GlobalProtect app for Windows. This flaw allows a local user to potentially execute programs with elevated privileges by exploiting a race condition. The vulnerability impacts versions 5.1 through 6.2.1 of the GlobalProtect app, and a patch is available in version 6.2.1.
Successful exploitation of CVE-2024-2432 could allow a malicious local user to gain elevated privileges on a Windows system running the vulnerable GlobalProtect app. This could enable them to install malware, modify system configurations, access sensitive data, or compromise the integrity of the entire system. While exploitation requires a race condition, the potential impact is significant, as it bypasses standard user access controls. The attacker would need to be present on the machine and able to trigger the race condition, limiting the scope to local access.
CVE-2024-2432 was publicly disclosed on March 13, 2024. Currently, no public proof-of-concept (POC) exploits are known. The EPSS score is pending evaluation, but given the privilege escalation nature and the requirement for a race condition, the probability of exploitation is considered medium. It is not currently listed on the CISA KEV catalog.
Organizations deploying Palo Alto Networks GlobalProtect app on Windows devices are at risk. This includes environments with less restrictive local user account policies and those where local administrative access is frequently granted. Shared hosting environments utilizing GlobalProtect are also potentially vulnerable.
• windows / supply-chain:
Get-Process -ErrorAction SilentlyContinue | Where-Object {$_.ProcessName -like '*globalprotect*'}
• windows / supply-chain:
Get-WinEvent -LogName Security -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4688)] and EventData[Data[@Name='TargetUserName']='SYSTEM']]" -MaxEvents 10
• windows / supply-chain: Check autostart entries for unusual items related to GlobalProtect or suspicious executables running with elevated privileges (using tools like Autoruns from Sysinternals).
EPSS: 0.40% (percentile 61%)
The primary mitigation for CVE-2024-2432 is to upgrade the GlobalProtect app to version 6.2.1 or later, which contains the fix. If an immediate upgrade is not possible, consider implementing stricter local user account controls and monitoring for suspicious process execution. While a direct workaround is not available, limiting the privileges of local user accounts can reduce the potential impact of a successful exploit. After upgrading, confirm the fix by attempting to trigger the race condition and verifying that the elevated privilege execution is blocked.
Upgrade the GlobalProtect app to the latest available version provided by Palo Alto Networks. This will fix the privilege escalation vulnerability.
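To act on the upgrade guidance across a fleet, the sketch below classifies an installed GlobalProtect version against the per-branch "Fixed in" releases listed on this page. It is an added example, not Palo Alto Networks code; the function name, the status labels and the sample inventory are hypothetical, and it assumes branches newer than 6.2 carry the fix forward.

```powershell
# Fixed release per branch, copied from the "Fixed in" list on this page.
$FixedByBranch = @{
    '5.1' = [version]'5.1.12'
    '6.0' = [version]'6.0.8'
    '6.1' = [version]'6.1.2'
    '6.2' = [version]'6.2.1'
}

function Get-GlobalProtectPatchStatus {
    param([Parameter(Mandatory)][string]$InstalledVersion)

    # Keep only the leading dotted-numeric part; anything else is unparseable.
    if ($InstalledVersion -notmatch '^\d+\.\d+(\.\d+)?') { return 'Unparseable' }
    $v      = [version]$Matches[0]
    $branch = '{0}.{1}' -f $v.Major, $v.Minor

    # The page states the affected range starts at 5.1.
    if ($v -lt [version]'5.1') { return 'BelowStatedRange' }

    if ($FixedByBranch.ContainsKey($branch)) {
        if ($v -ge $FixedByBranch[$branch]) { return 'Fixed' }
        return 'Vulnerable'
    }

    # Assumption: branches newer than 6.2 carry the 6.2.1 fix forward.
    if ($v -gt [version]'6.2.1') { return 'Fixed' }

    # Inside the stated range, but the page lists no fixed build for this branch.
    return 'VulnerableNoFixListed'
}

# Constructed sample inventory (computer names and versions are made up).
$inventory = @(
    [pscustomobject]@{ Computer = 'WS-001'; Version = '5.1.11' }
    [pscustomobject]@{ Computer = 'WS-002'; Version = '5.1.12' }
    [pscustomobject]@{ Computer = 'WS-003'; Version = '5.2.13' }
    [pscustomobject]@{ Computer = 'WS-004'; Version = '6.0.7' }
    [pscustomobject]@{ Computer = 'WS-005'; Version = '6.2.1' }
    [pscustomobject]@{ Computer = 'WS-006'; Version = 'unknown' }
)

$inventory | Select-Object Computer, Version,
    @{ Name = 'Status'; Expression = { Get-GlobalProtectPatchStatus $_.Version } }
```

Comparing within the branch matters here: a plain "greater than 5.1.12" test would wrongly pass a 6.0.7 install, which is still below its own branch's fixed build.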
CVE-2024-2432 is a medium-severity vulnerability in the Palo Alto Networks GlobalProtect app that allows a local user to potentially gain elevated privileges by exploiting a race condition.
You are affected if you are running GlobalProtect app versions 5.1 through 6.2.1 on Windows devices.
Upgrade the GlobalProtect app to version 6.2.1 or later to remediate the vulnerability.
Currently, there are no known public exploits or confirmed active exploitation campaigns for CVE-2024-2432.
Refer to the Palo Alto Networks Security Advisories page for the official advisory: https://www.paloaltonetworks.com/support/security