An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/CVE-2022-0016 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
17 Feb 2022, 13:54
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.9
v3 : 7.8 |
References | (CONFIRM) https://security.paloaltonetworks.com/CVE-2022-0016 - Vendor Advisory | |
First Time |
Microsoft windows
Microsoft Apple macos Paloaltonetworks globalprotect Apple Paloaltonetworks |
|
CWE | CWE-755 | |
CPE | cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:* |
10 Feb 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms. |
10 Feb 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-10 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-0016
Mitre link : CVE-2022-0016
CVE.ORG link : CVE-2022-0016
JSON object : View
Products Affected
microsoft
- windows
apple
- macos
paloaltonetworks
- globalprotect