Palo Alto Networks GlobalProtect App Insufficient Certificate Validation Vulnerability
CVE-2024-5921 Published on November 27, 2024
GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user, or an attacker on the same subnet, to install malicious root certificates on the endpoint and subsequently install malicious software signed by those root certificates on that endpoint.
Timeline
Updated fix availability for 6.2.1 on Linux and solutions section to provide steps needed for Linux
Updated ETA for 6.2.1-HF2 Linux, 6.1.6 Android, 6.1.7 iOS, and 6.2.6 UWP
Added 6.2.6-c857 macOS solution
Added planned fix version and ETA for 6.1 for Android
Updated product status table for GlobalProtect app 6.3.2 and added macOS solution
Updated ETAs for GlobalProtect app versions 6.3, 6.2, and 6.1
Updated planned fix version and ETA for 6.3 for Windows and macOS
Added note to the solution about potential performance concern
Updated affected products, added ETAs, clarified solution, and added frequently asked questions
Added registry-based deployment option to solution, and added frequently asked questions
Clarified impact, solution, and added frequently asked questions
Initial publication
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
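The weakness described above, and the impact summary at the top of this advisory (a client that can be steered to an arbitrary server, with a locally installed malicious root certificate as the follow-on), are illustrated by the added example below. It is not GlobalProtect code and not Palo Alto Networks' fix; it is a generic Python TLS client showing the CWE-295 pattern beside a hardened version. The names `vulnerable_context`, `hardened_context`, `context_weaknesses`, `cert_matches_pin` and `connect_verified` are hypothetical, and the pin value is constructed from a placeholder byte string rather than a real certificate.

```python
"""Improper certificate validation (CWE-295) in a TLS client.

Added illustration, not code from the GlobalProtect app or its vendor.
Shows the weak pattern (accept any server certificate), the hardened
pattern (chain + hostname validation against a trust store), a guardrail
that names the weaknesses of a given SSLContext, and certificate pinning
as a second layer that still holds if an attacker has planted a root CA
in the endpoint's trust store.
"""
import hashlib
import socket
import ssl
from typing import List, Optional, Set

# Constructed sample pin: SHA-256 over the DER encoding of the certificate
# the client is willing to accept. A real deployment would pin the
# operator's portal/gateway certificate or issuing CA, not this placeholder.
PINNED_CERT_SHA256: Set[str] = {
    hashlib.sha256(b"constructed-sample-cert-der").hexdigest(),
}


def vulnerable_context() -> ssl.SSLContext:
    """The bug pattern: no chain validation and no hostname check, so any
    host that answers for the portal name (e.g. a same-subnet attacker
    spoofing DNS/ARP) is accepted as the legitimate server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Chain validation against a trust store (the given CA file, else the
    platform store), hostname verification, and TLS 1.2 as the floor."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_weaknesses(ctx: ssl.SSLContext) -> List[str]:
    """Guardrail: list every way this context fails to validate its peer.
    Empty list means the context enforces proper certificate validation."""
    issues: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        issues.append("verify_mode is not CERT_REQUIRED: server certificate is never checked")
    if not ctx.check_hostname:
        issues.append("check_hostname is disabled: a valid certificate for any name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        issues.append("minimum_version is below TLS 1.2")
    return issues


def cert_matches_pin(der_cert: bytes, pins: Set[str] = PINNED_CERT_SHA256) -> bool:
    """Pinning: even a certificate the OS trust store accepts (for example one
    chaining to a root a local attacker managed to install) is rejected unless
    its SHA-256 fingerprint is in the pin set."""
    return hashlib.sha256(der_cert).hexdigest() in pins


def connect_verified(host: str, port: int = 443,
                     cafile: Optional[str] = None,
                     pins: Set[str] = PINNED_CERT_SHA256) -> bytes:
    """Connect with a validated context and return the peer's DER certificate.
    Raises if the context is weak, if chain/hostname validation fails, or if
    the presented certificate is not pinned."""
    ctx = hardened_context(cafile)
    problems = context_weaknesses(ctx)
    if problems:
        raise RuntimeError("refusing to connect with a weak TLS context: " + "; ".join(problems))
    with socket.create_connection((host, port), timeout=10) as sock:
        # wrap_socket performs chain validation and, because check_hostname
        # is set, matches server_hostname against the certificate's SANs.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not der or not cert_matches_pin(der, pins):
                raise ssl.SSLCertVerificationError(
                    f"certificate presented by {host} is not pinned")
            return der
```

The order of the two layers matters: `wrap_socket` with `CERT_REQUIRED` and `check_hostname` stops an arbitrary-server redirect when the attacker has no trusted certificate, and the pin check stops the case this advisory warns about, where the attacker has already put a root of their own into the endpoint's trust store.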
Products Associated with CVE-2024-5921
Affected Versions
Palo Alto Networks GlobalProtect App (the source lists one row per platform; the platform labels did not survive extraction and are restored below only where the timeline above names them):
- 6.3: versions from 6.3.0 up to, but not including, 6.3.2 are affected; the timeline ties the 6.3 fix to Windows and macOS.
- 6.2: versions from 6.2.0 up to, but not including, 6.2.6 are affected on two platforms (the timeline names UWP for the 6.2.6 fix; the other unlabeled 6.2.6 row is presumably Windows); up to, but not including, 6.2.6-c857 on macOS; up to, but not including, 6.2.1-c31 on the Linux 6.2.1 line.
- 6.1: versions from 6.1.0 up to, but not including, 6.1.6 (Android) and 6.1.7 (iOS) are affected; 6.1.0 is listed as affected on three further platforms with no fixed version given.
- 6.0.0 is unaffected.
- 5.1.0 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.