Palo Alto Networks Product Security Incident Response TeamPA-CVE-2020-1988GlobalProtect App: Local privilege escalation due to an unquoted search path vulnerability
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
An unquoted search path vulnerability in the Windows release of GlobalProtect App allows an authenticated local user with file creation privileges on the root of the OS disk (C:) or to Program Files directory to gain system privileges.
This issue affects Palo Alto Networks GlobalProtect App 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;
Work around:
Do not grant file creation privileges on the root of the OS disk (C:) or ‘Program Files’ directory to unprivileged users.
| CPE | Name | Operator | Version |
|---|---|---|---|
| globalprotect app | lt | 5.0.5 | |
| globalprotect app | lt | 4.1.13 |
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%