First published: Wed Apr 08 2020(Updated: )
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Paloaltonetworks Globalprotect | >=5.0<5.0.8 | |
Paloaltonetworks Globalprotect | >=5.1<5.1.1 |
This issue is fixed in Global Protect Agent 5.0.8, Global Protect Agent 5.1.1 and all later versions.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-1989.
Palo Alto Networks Global Protect Agent for Linux on ARM platform versions 5.0 to 5.1.1 are affected.
The severity level of CVE-2020-1989 is high with a CVSS score of 7.8.
This vulnerability occurs due to an incorrect privilege assignment when writing application-specific files.
A local authenticated user can exploit this vulnerability to gain root privileges on the system.