← back
CVE-2020-1988

Global Protect Agent: Local privilege escalation due to an unquoted search path vulnerability

CVSS 4.2 MEDIUMEPSS 0.4%CWE-428
An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Affected products
Palo Alto Networks · Global Protect Agent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.paloaltonetworks.com/CVE-2020-1988