Rewterz Threat Advisory – Multiple Palo Alto Networks Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-2432 CVSS:4.5

Palo Alto Networks GlobalProtect app on Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially crafted request, an attacker could exploit this vulnerability to execute programs with elevated privileges.

CVE-2024-2433 CVSS:4.3

Palo Alto Networks Panorama software is vulnerable to a denial of service, caused by an improper authorization vulnerability. A remote authenticated attacker could exploit this vulnerability to upload files using the web interface and completely fill one of the disk partitions with those uploaded files.

CVE-2024-2431 CVSS:5.5

Palo Alto Networks GlobalProtect app is vulnerable to a denial of service, caused by improper privilege management. A local authenticated attacker could exploit this vulnerability to disable the GlobalProtect app in configurations.

Impact

• Privilege Escalation
• Denial of Service

Indicators Of Compromise

CVE

• CVE-2024-2432
• CVE-2024-2433
• CVE-2024-2431

Affected Vendors

Palo Alto

Affected Products

• Palo Alto Networks GlobalProtect App on Windows 6.2
• Palo Alto Networks GlobalProtect App on Windows 6.1.1
• Palo Alto Networks GlobalProtect App on Windows 6.0.7
• Palo Alto Networks GlobalProtect App on Windows 5.1.11
• Palo Alto Networks Cloud NGFW
• Palo Alto Networks Prisma Access
• Palo Alto Networks PAN-OS on Panorama
• Palo Alto Networks GlobalProtect App 6.2
• Palo Alto Networks GlobalProtect App 6.1
• Palo Alto Networks GlobalProtect App 6.0.3
• Palo Alto Networks GlobalProtect App 5.2.12
• Palo Alto Networks GlobalProtect App 5.1.11

Remediation

Refer to Palo Alto Networks Web site for patch, upgrade or suggested workaround information.

CVE-2024-2432

CVE-2024-2433

CVE-2024-2431