CVE-2022-0017

GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

CVSS 7 HIGHEPSS 0.3%CWE-59

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Feb 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Palo Alto Networks · GlobalProtect App

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.paloaltonetworks.com/CVE-2022-0017