Vulnerabilities > Paloaltonetworks > Globalprotect > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-9473 | Unspecified vulnerability in Paloaltonetworks Globalprotect A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. | 7.8 |
| 2024-09-11 | CVE-2024-8687 | Unspecified vulnerability in Paloaltonetworks Pan-Os An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. | 7.1 |
| 2024-08-14 | CVE-2024-5915 | Incorrect Permission Assignment for Critical Resource vulnerability in Paloaltonetworks Globalprotect A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. | 7.8 |
| 2024-06-12 | CVE-2024-5908 | Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. | 7.5 |
| 2023-06-14 | CVE-2023-0009 | Unspecified vulnerability in Paloaltonetworks Globalprotect A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges. | 7.8 |
| 2022-02-10 | CVE-2022-0016 | Improper Handling of Exceptional Conditions vulnerability in Paloaltonetworks Globalprotect An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. | 7.8 |
| 2022-02-10 | CVE-2022-0017 | Link Following vulnerability in Paloaltonetworks Globalprotect An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. | 7.8 |
| 2020-06-10 | CVE-2020-2032 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Paloaltonetworks Globalprotect A race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. | 7.0 |
| 2020-04-08 | CVE-2020-1989 | Improper Privilege Management vulnerability in Paloaltonetworks Globalprotect An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. | 7.8 |
| 2019-10-16 | CVE-2019-17436 | Unspecified vulnerability in Paloaltonetworks Globalprotect A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | 7.1 |