{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-9473","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","state":"PUBLISHED","assignerShortName":"palo_alto","dateReserved":"2024-10-03T11:35:19.552Z","datePublished":"2024-10-09T17:07:00.981Z","dateUpdated":"2024-10-18T11:59:17.267Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.1:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.3.0:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.4:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.3:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.2:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.1:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2.0:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.2:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.5:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.4:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.3:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.2:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.1:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1.0:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.1:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.10:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.8:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.7:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.6:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.5:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.4:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.3:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.2:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.1:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0.0:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:6.0:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.12:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.11:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.10:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.9:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.8:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.7:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.6:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.5:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.4:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.3:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.2:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.1:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1.0:-:*:*:*:*:*:*","cpe:2.3:a:paloaltonetworks:globalprotect_app:5.1:-:*:*:*:*:*:*"],"defaultStatus":"unaffected","platforms":["Windows"],"product":"GlobalProtect App","vendor":"Palo Alto Networks","versions":[{"status":"affected","version":"5.1"},{"status":"affected","version":"6.0"},{"status":"affected","version":"6.1"},{"changes":[{"at":"6.2.5","status":"unaffected"}],"lessThan":"6.2.5","status":"affected","version":"6.2.0","versionType":"custom"},{"status":"affected","version":"6.3"}]}],"credits":[{"lang":"en","type":"finder","value":"Michael Baer of SEC Consult Vulnerability Lab"},{"lang":"en","type":"finder","value":"Marc Barrantes of KPMG Spain"}],"datePublic":"2024-10-09T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect."}],"value":"A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept for this issue is publicly available.<br>"}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept for this issue is publicly available."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"LOCAL","baseScore":5.2,"baseSeverity":"MEDIUM","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"CONCENTRATED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:C/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-250","description":"CWE-250 Execution with Unnecessary Privileges","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-10-18T11:59:17.267Z"},"references":[{"tags":["vendor-advisory"],"url":"https://security.paloaltonetworks.com/CVE-2024-9473"},{"tags":["third-party-advisory","exploit"],"url":"https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-palo-alto-networks-globalprotect/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"This issue is fixed in GlobalProtect app 6.2.5, and will be fixed in the remaining supported versions of GlobalProtect app listed in the Product Status section. Updates will be published to this advisory as they become available.<br><br>Customers who want to upgrade should reach out to customer support at <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com\">https://support.paloaltonetworks.com</a>.<br>"}],"value":"This issue is fixed in GlobalProtect app 6.2.5, and will be fixed in the remaining supported versions of GlobalProtect app listed in the Product Status section. Updates will be published to this advisory as they become available.\n\nCustomers who want to upgrade should reach out to customer support at  https://support.paloaltonetworks.com ."}],"source":{"defect":["GPC-19493","GPC-21211"],"discovery":"EXTERNAL"},"timeline":[{"lang":"en","time":"2024-10-09T16:00:00.000Z","value":"Initial publication"}],"title":"GlobalProtect App: Local Privilege Escalation (PE) Vulnerability","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"affected":[{"vendor":"paloaltonetworks","product":"globalprotect","cpes":["cpe:2.3:a:paloaltonetworks:globalprotect:5.1.0:*:*:*:*:windows:*:*"],"defaultStatus":"unaffected","versions":[{"version":"5.1.0","status":"affected"}]},{"vendor":"paloaltonetworks","product":"globalprotect","cpes":["cpe:2.3:a:paloaltonetworks:globalprotect:6.0.0:*:*:*:*:windows:*:*"],"defaultStatus":"unaffected","versions":[{"version":"6.0.0","status":"affected"}]},{"vendor":"paloaltonetworks","product":"globalprotect","cpes":["cpe:2.3:a:paloaltonetworks:globalprotect:6.1.0:*:*:*:*:windows:*:*"],"defaultStatus":"unaffected","versions":[{"version":"6.1.0","status":"affected"}]},{"vendor":"paloaltonetworks","product":"globalprotect","cpes":["cpe:2.3:a:paloaltonetworks:globalprotect:6.3.0:*:*:*:*:windows:*:*"],"defaultStatus":"unaffected","versions":[{"version":"6.3.0","status":"affected"}]},{"vendor":"paloaltonetworks","product":"globalprotect","cpes":["cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*"],"defaultStatus":"unaffected","versions":[{"version":"6.2.0","status":"affected","lessThan":"6.2.5","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-15T12:53:19.159087Z","id":"CVE-2024-9473","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-15T13:00:52.468Z"}},{"title":"CVE Program Container","references":[{"url":"http://seclists.org/fulldisclosure/2024/Oct/2"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-10-10T06:03:45.155Z"}}]}}