Vulnerability Description
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."
CVSS Score
6.7
MEDIUM
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Globalprotect | <= 4.0.2 |
References
- http://www.securityfocus.com/bid/102083Third Party AdvisoryVDB Entry
- https://security.paloaltonetworks.com/CVE-2017-15870
- http://www.securityfocus.com/bid/102083Third Party AdvisoryVDB Entry
- https://security.paloaltonetworks.com/CVE-2017-15870
FAQ
What is CVE-2017-15870?
CVE-2017-15870 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."
How severe is CVE-2017-15870?
CVE-2017-15870 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15870?
Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Globalprotect.