Filtered by vendor Paloaltonetworks Subscriptions
Filtered by product Globalprotect App Subscriptions

Search

Switch to Advanced Search (Beta)
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-0120 1 Paloaltonetworks 1 Globalprotect App 2025-04-11 N/A
A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtectâ„¢ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.
CVE-2025-0117 1 Paloaltonetworks 1 Globalprotect App 2025-03-13 N/A
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.
CVE-2025-0118 1 Paloaltonetworks 1 Globalprotect App 2025-03-12 N/A
A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms.
CVE-2024-9473 1 Paloaltonetworks 2 Globalprotect, Globalprotect App 2024-11-21 7.8 High
A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.