ASA-2019-00582 – Palo Alto Networks GlobalProtect Agent: Local Privilege Escalation vulnerability


Allele Security Alert

ASA-2019-00582

Identifier(s)

ASA-2019-00582, CVE-2019-17435, PAN-SA-2019-0036

Title

Local Privilege Escalation vulnerability

Vendor(s)

Palo Alto Networks

Product(s)

GlobalProtect Agent

Affected version(s)

GlobalProtect Agent for Windows before version 5.0.4
GlobalProtect Agent for Windows before version 4.1.13

Fixed version(s)

GlobalProtect Agent for Windows version 5.0.4
GlobalProtect Agent for Windows version 4.1.13

Proof of concept

Unknown

Description

A Local Privilege Escalation vulnerability exists in the auto-update feature of the GlobalProtect Agent for Windows: a GlobalProtect Agent MSI installer package can be modified on disk before it is installed. Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.

Technical details

Unknown

Credits

Hanno Heinrichs (CrowdStrike)

Reference(s)

Local Privilege Escalation in GlobalProtect Agent for Windows
https://securityadvisories.paloaltonetworks.com/Home/Detail/197

Palo Alto Networks Security Advisories: 15-October-2019
https://live.paloaltonetworks.com/t5/PSIRT-Articles/Palo-Alto-Networks-Security-Advisories-15-October-2019/ta-p/293088

CVE-2019-17435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17435

CVE-2019-17435
https://nvd.nist.gov/vuln/detail/CVE-2019-17435


Last modified: October 23, 2019
