CVE-2019-17435 Local Privilege Escalation in GlobalProtect App for Windows
A Local Privilege Escalation vulnerability exists in the GlobalProtect App for Windows auto-update feature that can allow for modification of a GlobalProtect App MSI installer package on disk before installation. (Ref # GPC-8977, CVE-2019-17435)
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.
This issue affects GlobalProtect App 5.0.3 and earlier for Windows and GlobalProtect App 4.1.12 and earlier for Windows.
Versions | Affected | Unaffected |
---|---|---|
GlobalProtect App 5.0 | <= 5.0.3 | >= 5.0.4 |
GlobalProtect App 4.1 | <= 4.1.12 | >= 4.1.13 |
CVSSv3.1 Base Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
CWE-269 Improper Privilege Management
GlobalProtect App 4.1.13 and later for Windows and GlobalProtect App 5.0.4 and later for Windows.
N/A