CVE-2017-15870

Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
paloaltonetworksglobalprotect
𝑥
≤ 4.0.2
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/102083
https://security.paloaltonetworks.com/CVE-2017-15870
http://www.securityfocus.com/bid/102083
https://security.paloaltonetworks.com/CVE-2017-15870