Palo Alto Networks has disclosed a vital safety vulnerability in its GlobalProtect VPN software that allows domestically authenticated customers to escalate their privileges to root entry on macOS and Linux methods, or NT AUTHORITYSYSTEM on Home windows machines.
The vulnerability, categorized as an incorrect privilege task flaw, poses important safety dangers for organizations counting on the favored enterprise VPN answer.
The safety flaw impacts a number of variations of the GlobalProtect app throughout Home windows, macOS, and Linux platforms, permitting non-administrative customers who have already got native entry to a system to achieve full administrative management.
The sort of privilege escalation assault may allow malicious actors to put in software program, modify system configurations, entry delicate information, or set up persistent backdoors on compromised methods.
Palo Alto Networks GlobalProtect Vulnerability
The vulnerability has been assigned a CVSS rating of 5.7 below the bottom temporal scoring system and eight.4 below the bottom scoring system, indicating a medium severity degree with average urgency for remediation.
Palo Alto Networks categorizes this as a CWE-426 Untrusted Search Path weak point, which generally entails functions loading sources from insecure areas that attackers can manipulate.
Notably, the GlobalProtect functions on iOS, Android, Chrome OS, and the GlobalProtect UWP app stay unaffected by this vulnerability. The corporate emphasizes that no particular configuration is required for methods to be susceptible, which means all default installations of affected variations are in danger.
The vulnerability impacts a number of main variations of GlobalProtect. For model 6.3 customers on macOS and Home windows, methods operating variations prior to six.3.3-h1 (6.3.3-c650) are susceptible and will improve instantly. Model 6.2 customers on macOS and Home windows must replace to six.2.8-h2 (6.2.8-c243) or later, whereas Linux customers ought to improve to model 6.2.8 or later, with the repair anticipated to be obtainable by July 11, 2025.
All installations of GlobalProtect variations 6.1 and 6.0 throughout macOS, Home windows, and Linux platforms are affected and require rapid upgrades to the newest patched variations. The corporate supplies particular improve paths for every platform and model mixture.
Palo Alto Networks explicitly states that no workarounds or mitigations can be found for this vulnerability, making rapid software program updates the one viable answer.
The corporate reviews no recognized malicious exploitation of this situation within the wild, however organizations ought to prioritize patching efforts given the potential for privilege escalation assaults.
The vulnerability was found and reported by safety researchers Alex Bourla and Graham Brereton, whom Palo Alto Networks has acknowledged for his or her accountable disclosure.
Organizations utilizing GlobalProtect ought to implement the advisable updates as quickly as attainable to take care of their safety posture.
Examine reside malware conduct, hint each step of an assault, and make sooner, smarter safety selections -> Attempt ANY.RUN now
