Palo Alto Networks Releases Security Update for GlobalProtect App (CVE-2024-5921)
Summary
Palo Alto Networks has released a security update to address a privilege escalation vulnerability in the GlobalProtect app.
Affected platforms
The following platforms are known to be affected:
Threat details
Technical Details Released for CVE-2024-5921
Security researchers have released technical details of CVE-2024-5921. This information may be used by attackers to target this vulnerability, increasing the likelihood of successful exploitation.
Introduction
Palo Alto Networks has released a security advisory for an insufficient certificate validation vulnerability in the GlobalProtect app, tracked as CVE-2024-5921, that could allow an attacker to connect the app to arbitrary servers.
CVE-2024-5921 has a CVSSv4.0 score of 5.6 and could be used by an attacker to install malicious root certificates on the endpoint.
An attacker could subsequently install malicious software signed by that root certificate to facilitate privilege escalation.
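The advisory describes two links in the chain: a client that does not sufficiently validate the server's certificate, and a trust store into which a malicious root has been planted. The following Go program, added here as an illustration and not code from Palo Alto Networks or the GlobalProtect app, shows what sufficient validation looks like in a TLS client (chain to a trusted root plus a hostname match against the configured gateway), how each failure is reported, and why a planted root defeats even correct validation. All CA names, hostnames and certificates are constructed in-process with the standard library; nothing here reflects GlobalProtect's actual implementation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// template describes either a root CA or a server certificate for one hostname (all constructed).
func template(name string, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{name}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue generates a fresh P-256 key for tmpl and signs it with parent/parentKey; a nil parent means self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// ValidateGatewayCert is the check a VPN client must make before trusting a gateway: the chain
// must end at a trusted root AND the certificate must be valid for the configured gateway name.
func ValidateGatewayCert(leaf *x509.Certificate, trusted *x509.CertPool, gateway string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: trusted, DNSName: gateway,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

// Classify turns a validation result into a short, log-friendly verdict.
func Classify(err error) string {
	var unknownRoot x509.UnknownAuthorityError
	var badName x509.HostnameError
	switch {
	case err == nil:
		return "accepted"
	case errors.As(err, &unknownRoot):
		return "rejected: untrusted root"
	case errors.As(err, &badName):
		return "rejected: hostname mismatch"
	}
	return "rejected: " + err.Error()
}

// RunScenarios builds a corporate CA, a rogue CA and three server certificates, validates each as a client should,
// then shows what happens once a rogue root has been installed into the trust store.
func RunScenarios() (map[string]string, error) {
	const gateway = "vpn.example.org" // constructed gateway hostname
	var firstErr error
	mk := func(tmpl, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
		c, k, err := issue(tmpl, parent, pk)
		if err != nil && firstErr == nil {
			firstErr = err
		}
		return c, k
	}
	corpCA, corpKey := mk(template("Example Corp Root CA", true), nil, nil)
	rogueCA, rogueKey := mk(template("Rogue Root CA", true), nil, nil)
	legit, _ := mk(template(gateway, false), corpCA, corpKey)
	wrongHost, _ := mk(template("portal.example.org", false), corpCA, corpKey)
	rogue, _ := mk(template(gateway, false), rogueCA, rogueKey)
	if firstErr != nil {
		return nil, firstErr
	}
	trusted := x509.NewCertPool() // the endpoint's trust store: corporate root only
	trusted.AddCert(corpCA)
	results := map[string]string{
		"corporate cert for gateway":      Classify(ValidateGatewayCert(legit, trusted, gateway)),
		"corporate cert for another host": Classify(ValidateGatewayCert(wrongHost, trusted, gateway)),
		"rogue-CA cert for gateway":       Classify(ValidateGatewayCert(rogue, trusted, gateway)),
	}
	// Once a rogue root sits in the trust store, the same correct validation accepts the rogue
	// gateway: the trust store itself is now the weak point, which is why a planted root matters.
	trusted.AddCert(rogueCA)
	results["rogue-CA cert after rogue root installed"] = Classify(ValidateGatewayCert(rogue, trusted, gateway))
	return results, nil
}
```

The first three scenarios show the verdicts a correctly validating client produces; the fourth shows that validation logic alone cannot protect an endpoint whose trust store has been modified, so monitoring for unexpected root certificate installations is the complementary control.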
Threat updates
| Date | Update |
|---|---|
| 27 Nov 2024 | Technical Details Released for CVE-2024-5921 |
Remediation advice
Affected organisations are strongly encouraged to review the Palo Alto Networks security advisory and apply the relevant updates as soon as practicable.
Remediation steps
| Type | Step |
|---|---|
| Guidance | Palo Alto Networks advise that this issue can be mitigated by using the GlobalProtect app in FIPS-CC mode. https://security.paloaltonetworks.com/CVE-2024-5921 |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 27 November 2024 1:13 pm