{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-9473",
        "ASSIGNER": "psirt@paloaltonetworks.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-250 Execution with Unnecessary Privileges",
                        "cweId": "CWE-250"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Palo Alto Networks",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "GlobalProtect App",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "not down converted",
                                            "x_cve_json_5_version_data": {
                                                "versions": [
                                                    {
                                                        "status": "affected",
                                                        "version": "5.1"
                                                    },
                                                    {
                                                        "status": "affected",
                                                        "version": "6.0"
                                                    },
                                                    {
                                                        "status": "affected",
                                                        "version": "6.1"
                                                    },
                                                    {
                                                        "changes": [
                                                            {
                                                                "at": "6.2.5",
                                                                "status": "unaffected"
                                                            }
                                                        ],
                                                        "lessThan": "6.2.5",
                                                        "status": "affected",
                                                        "version": "6.2.0",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "status": "affected",
                                                        "version": "6.3"
                                                    }
                                                ],
                                                "defaultStatus": "unaffected"
                                            }
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://security.paloaltonetworks.com/CVE-2024-9473",
                "refsource": "MISC",
                "name": "https://security.paloaltonetworks.com/CVE-2024-9473"
            },
            {
                "url": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-palo-alto-networks-globalprotect/",
                "refsource": "MISC",
                "name": "https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-palo-alto-networks-globalprotect/"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "defect": [
            "GPC-19493",
            "GPC-21211"
        ],
        "discovery": "EXTERNAL"
    },
    "exploit": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept for this issue is publicly available.<br>"
                }
            ],
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept for this issue is publicly available."
        }
    ],
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "This issue is fixed in GlobalProtect app 6.2.5, and will be fixed in the remaining supported versions of GlobalProtect app listed in the Product Status section. Updates will be published to this advisory as they become available.<br><br>Customers who want to upgrade should reach out to customer support at <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com\">https://support.paloaltonetworks.com</a>.<br>"
                }
            ],
            "value": "This issue is fixed in GlobalProtect app 6.2.5, and will be fixed in the remaining supported versions of GlobalProtect app listed in the Product Status section. Updates will be published to this advisory as they become available.\n\nCustomers who want to upgrade should reach out to customer support at  https://support.paloaltonetworks.com ."
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Michael Baer of SEC Consult Vulnerability Lab"
        },
        {
            "lang": "en",
            "value": "Marc Barrantes of KPMG Spain"
        }
    ]
}