Vulnerabilities > CVE-2019-17435 - Unspecified vulnerability in Paloaltonetworks Globalprotect

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

paloaltonetworks

NVD

Published: 2019-10-16

Updated: 2023-03-23

Summary

A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.

Vulnerable Configurations

Part	Description	Count
Application	Paloaltonetworks Paloaltonetworks Globalprotect - Paloaltonetworks Globalprotect 4.1.0 Paloaltonetworks Globalprotect 4.1.12 Paloaltonetworks Globalprotect 4.1.13 Paloaltonetworks Globalprotect 5.0.0 Paloaltonetworks Globalprotect 5.0.3	6

References

https://security.paloaltonetworks.com/CVE-2019-17435