github - ghsa-ch97-hpq7-jfg9

ghsa-ch97-hpq7-jfg9

Vulnerability from github

Published

2024-08-14 18:32

Modified

2024-08-20 18:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.2 (Medium) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:M/U:Amber

Details

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-5915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T17:15:18Z",
    "severity": "MODERATE"
  },
  "details": "A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.",
  "id": "GHSA-ch97-hpq7-jfg9",
  "modified": "2024-08-20T18:31:20Z",
  "published": "2024-08-14T18:32:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5915"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5915"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2024-5915 (GCVE-0-2024-5915)

Vulnerability from cvelistv5

Published

2024-08-14 16:40

Modified

2024-08-20 13:20

Severity ?

5.2 (Medium) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:M/U:Amber

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Summary

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges.

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2024-5915

Impacted products

	Vendor	Product	Version
	Palo Alto Networks	GlobalProtect App	Version: 5.1 Version: 6.0 Version: 6.1 < 6.1.5 Version: 6.2 < 6.2.4 Version: 6.3 < 6.3.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "globalprotect",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "status": "affected",
                "version": "5.1"
              },
              {
                "status": "affected",
                "version": "6.0"
              },
              {
                "lessThan": "6.1.5",
                "status": "affected",
                "version": "6.1",
                "versionType": "custom"
              },
              {
                "lessThan": "6.2.4",
                "status": "affected",
                "version": "6.2",
                "versionType": "custom"
              },
              {
                "lessThan": "6.3.1",
                "status": "affected",
                "version": "6.3",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-17T03:55:16.725264Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T13:20:36.459Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "GlobalProtect App",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "changes": [
                {
                  "at": "6.1.5",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.1.5",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.2.4",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.2.4",
              "status": "affected",
              "version": "6.2",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "6.3.1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "6.3.1",
              "status": "affected",
              "version": "6.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ashutosh Gautam/JumpThere"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Maciej Miszczyk of Logitech"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Will Dormann of ANALYGENCE"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Farid Zerrouk"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Alaa Kachouh"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Ali Jammal"
        }
      ],
      "datePublic": "2024-08-14T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges."
            }
          ],
          "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:A/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T16:40:41.840Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2024-5915"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in GlobalProtect app 5.1.x (ETA: December 2024), GlobalProtect app 6.0.x (ETA: November 2024), GlobalProtect app 6.1.5, GlobalProtect app 6.2.4, GlobalProtect app 6.3.1 (ETA: end of August), and all later GlobalProtect app versions on Windows.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in GlobalProtect app 5.1.x (ETA: December 2024), GlobalProtect app 6.0.x (ETA: November 2024), GlobalProtect app 6.1.5, GlobalProtect app 6.2.4, GlobalProtect app 6.3.1 (ETA: end of August), and all later GlobalProtect app versions on Windows."
        }
      ],
      "source": {
        "defect": [
          "GPC-14958",
          "GPC-19883"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-14T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "GlobalProtect App: Local Privilege Escalation (PE) Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5915",
    "datePublished": "2024-08-14T16:40:41.840Z",
    "dateReserved": "2024-06-12T15:27:56.748Z",
    "dateUpdated": "2024-08-20T13:20:36.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.