CVE-2024-9473

Public Exploit
GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Description

A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect.

Remediation

Solution:

  • This issue is fixed in GlobalProtect app 6.2.5, and will be fixed in the remaining supported versions of GlobalProtect app listed in the Product Status section. Updates will be published to this advisory as they become available. Customers who want to upgrade should reach out to customer support at https://support.paloaltonetworks.com.

CVSS: 5.2
Severity: Medium
EPSS: 0.04%
Vendor Advisory: paloaltonetworks.com
Affected: Palo Alto Networks GlobalProtect App

Frequently Asked Questions

What is the severity of CVE-2024-9473?
CVE-2024-9473 has been scored as a medium severity vulnerability.
How to fix CVE-2024-9473?
To fix CVE-2024-9473: This issue is fixed in GlobalProtect app 6.2.5, and will be fixed in the remaining supported versions of GlobalProtect app listed in the Product Status section. Updates will be published to this advisory as they become available. Customers who want to upgrade should reach out to customer support at https://support.paloaltonetworks.com.
Is CVE-2024-9473 being actively exploited in the wild?
Based on public information, it is possible that CVE-2024-9473 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9473?
CVE-2024-9473 affects Palo Alto Networks GlobalProtect App.