Globalprotect Security Vulnerabilities and Issues — Globalprotect CVE List

Lucene search

PaloaltonetworksGlobalprotect

8 matches found

CVE•added 2024/11/27 4:15 a.m.•3829 views

CVE-2024-5921

An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificat...

8.8CVSS9AI score0.00194EPSS

CVE•added 2024/05/06 7:15 p.m.•269 views

CVE-2024-3661

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify ne...

7.6CVSS7.3AI score0.01876EPSS

CVE•added 2024/10/09 5:15 p.m.•79 views

CVE-2024-9473

A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalP...

7.8CVSS7.9AI score0.00045EPSS

CVE•added 2024/06/12 5:15 p.m.•73 views

CVE-2024-5908

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purpos...

7.5CVSS7.5AI score0.00206EPSS

CVE•added 2024/08/14 5:15 p.m.•69 views

CVE-2024-5915

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.

7.8CVSS7AI score0.00028EPSS

CVE•added 2024/09/11 5:15 p.m.•66 views

CVE-2024-8687

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstall,...

7.1CVSS6.8AI score0.00059EPSS

CVE•added 2024/03/13 6:15 p.m.•58 views

CVE-2024-2432

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

4.5CVSS5AI score0.00211EPSS

CVE•added 2024/03/13 6:15 p.m.•30 views

CVE-2024-2431

An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.

5.5CVSS5.4AI score0.00024EPSS