8.8
CVE-2024-5921
- EPSS 0.07%
- Published 27.11.2024 04:15:14
- Last modified 27.06.2025 16:55:15
- Source psirt@paloaltonetworks.com
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.
Data provided by the National Vulnerability Database (NVD)
Paloaltonetworks ≫ Globalprotect SwPlatform android Version >= 6.1.0 < 6.1.6
Paloaltonetworks ≫ Globalprotect SwPlatform iphone_os Version >= 6.1.0 < 6.1.7
Paloaltonetworks ≫ Globalprotect SwPlatform linux Version >= 6.1.0 < 6.2.1
Paloaltonetworks ≫ Globalprotect SwPlatform macos Version >= 6.1.0 < 6.2.6
Paloaltonetworks ≫ Globalprotect SwPlatform windows Version >= 6.1.0 < 6.2.6
Paloaltonetworks ≫ Globalprotect SwPlatform macos Version >= 6.3.0 < 6.3.2
Paloaltonetworks ≫ Globalprotect SwPlatform windows Version >= 6.3.0 < 6.3.2
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.225 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| psirt@paloaltonetworks.com | 7.1 | 0 | 0 | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber |
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.