1.0 Introduction
Recently, Palo Alto Networks has released security updates to address a vulnerability in its product tracked as
CVE-2024-5921
GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation.
2.0 Impact
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.
3.0 Affected Products
- GlobalProtect App 6.3: All versions
- GlobalProtect App 6.2: Versions prior to 6.2.6 on Windows
- GlobalProtect App 6.2: All versions on MacOS and Linux
- GlobalProtect App 6.1: All versions
- GlobalProtect App 6.0: None in FIPS-CC Mode
- GlobalProtect APP 5.1: None in FIPS-CC Mode
- GlobalProtect iOS App: All versions
- GlobalProtect UWP APP: All versions
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review
Palo Alto Network Security Advisories
for more information and apply the necessary updates.
Kindly refer to the following URLs for more information:
Generally, Cyber999 advises the users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact us through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web:
https://www.mycert.org.my
5.0 References