HIGH🇵🇱 Wersja polska

CVE-2024-5921

CVSS 7.1v4.0pub. 2024-11-27upd. 2025-06-27

An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
  • Palo Alto Networks Globalprotect

    APP
    Paloaltonetworks
    6.1.0 – 6.1.6 (bez)6.1.0 – 6.1.7 (bez)6.1.0 – 6.2.1 (bez)6.1.0 – 6.2.6 (bez)6.3.0 – 6.3.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2025-4232HIGH8.5ten sam produkt

An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks Glob...

CVE-2025-0120HIGH7.1ten sam produkt

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows ...

CVE-2024-3661HIGH7.6ten sam produkt

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based securit...

CVE-2023-0009HIGH7.8ten sam produkt

A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables...

CVE-2022-0017HIGH7.0ten sam produkt

An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networ...