CVE-2024-5915 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)
A medium-severity local privilege escalation vulnerability, identified as CVE-2024-5915, has been discovered in the Palo Alto Networks GlobalProtect app on Windows devices. The vulnerability has a CVSSv4.0 Base Score of 5.2 and allows a local user to execute programs with elevated privileges because of incorrect permission assignments. Affected versions range from GlobalProtect App 6.3 (before 6.3.1) down to 5.1 (before 5.1.x). Fixes are scheduled for release by the end of August 2024 for version 6.3.1, and by November and December 2024 for versions 6.0.x and 5.1.x, respectively. There have been no reports of malicious exploitation so far. Palo Alto Networks recommends updating to the fixed versions once they are available to mitigate the risk.