CVE-2024-5921

Nov. 27, 2024, 4:15 a.m.

None
No Score

Description

An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. GlobalProtect App for Android is under evaluation. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.

Product(s) Impacted

Product Versions
Palo Alto Networks GlobalProtect App

Weaknesses

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References

https://blog.amberwolf.com/blog/2024/november/palo-alto-globalprotect---code-execution-and-privilege-escalation-via-malicious-vpn-server-cve-2024-5921/
https://github.com/AmberWolfCyber/NachoVPN
https://security.paloaltonetworks.com/CVE-2024-5921

Tags

CWE-295
psirt@paloaltonetworks.com
2024-11-27
CVE-2024-5921

Date

  • Published: Nov. 27, 2024, 4:15 a.m.
  • Last Modified: Nov. 27, 2024, 4:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@paloaltonetworks.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.