CVE-2024-2431 GlobalProtect App: Local User Can Disable GlobalProtect
An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.
Versions | Affected | Unaffected |
---|---|---|
GlobalProtect App 6.2 | None | All |
GlobalProtect App 6.1 | < 6.1.1 | >= 6.1.1 |
GlobalProtect App 6.0 | < 6.0.4 | >= 6.0.4 |
GlobalProtect App 5.2 | < 5.2.13 | >= 5.2.13 |
GlobalProtect App 5.1 | < 5.1.12 | >= 5.1.12 |
This is an issue only if "Allow User to Disable GlobalProtect App" is set to "Allow with Passcode". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed.
CVSSv4.0 Base Score: 5.7 (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber)
Palo Alto Networks is not aware of any malicious exploitation of this issue.
CWE-269 Improper Privilege Management
This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.
You can mitigate this issue by setting "Allow User to Disable GlobalProtect App" to "Disallow" or "Allow with Ticket."