Vulnerability Description
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paloaltonetworks | Globalprotect | >= 6.1.0, < 6.1.6 |
Related Weaknesses (CWE)
References
- https://blog.amberwolf.com/blog/2024/november/palo-alto-globalprotect---code-exeExploitTechnical DescriptionThird Party Advisory
- https://github.com/AmberWolfCyber/NachoVPNNot Applicable
- https://security.paloaltonetworks.com/CVE-2024-5921Vendor Advisory
FAQ
What is CVE-2024-5921?
CVE-2024-5921 is a vulnerability with a CVSS score of 8.8 (HIGH). An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administ...
How severe is CVE-2024-5921?
CVE-2024-5921 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-5921?
Check the references section above for vendor advisories and patch information. Affected products include: Paloaltonetworks Globalprotect.