An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/CVE-2022-0017 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
17 Feb 2022, 14:14
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-59 | |
First Time |
Paloaltonetworks
Microsoft windows Microsoft Paloaltonetworks globalprotect |
|
CVSS |
v2 : v3 : |
v2 : 6.9
v3 : 7.8 |
References | (CONFIRM) https://security.paloaltonetworks.com/CVE-2022-0017 - Vendor Advisory | |
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:*:*:* |
10 Feb 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms. |
10 Feb 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-10 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-0017
Mitre link : CVE-2022-0017
CVE.ORG link : CVE-2022-0017
JSON object : View
Products Affected
microsoft
- windows
paloaltonetworks
- globalprotect
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')