CVE-2022-0016
EUVD-2022-1523710.02.2022, 18:15
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | globalprotect | 5.2 ≤ 𝑥 < 5.2.9 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-703 - Improper Check or Handling of Exceptional ConditionsThe software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.
- CWE-755 - Improper Handling of Exceptional ConditionsThe software does not handle or incorrectly handles an exceptional condition.