CVE-2024-5921

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5921
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://blog.amberwolf.com/blog/2024/november/palo-alto-globalprotect---code-execution-and-privilege-escalation-via-malicious-vpn-server-cve-2024-5921/ Technical Description Exploit Third Party Advisory
https://github.com/AmberWolfCyber/NachoVPN Not Applicable
https://security.paloaltonetworks.com/CVE-2024-5921 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:android:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:linux:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*
History

27 Jun 2025, 16:55

Type Values Removed Values Added
References () https://blog.amberwolf.com/blog/2024/november/palo-alto-globalprotect---code-execution-and-privilege-escalation-via-malicious-vpn-server-cve-2024-5921/ - () https://blog.amberwolf.com/blog/2024/november/palo-alto-globalprotect---code-execution-and-privilege-escalation-via-malicious-vpn-server-cve-2024-5921/ - Technical Description, Exploit, Third Party Advisory
References () https://github.com/AmberWolfCyber/NachoVPN - () https://github.com/AmberWolfCyber/NachoVPN - Not Applicable
References () https://security.paloaltonetworks.com/CVE-2024-5921 - () https://security.paloaltonetworks.com/CVE-2024-5921 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:android:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*
cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:linux:*:*
First Time Paloaltonetworks globalprotect
Paloaltonetworks

20 Feb 2025, 23:15

Type Values Removed Values Added
Summary
  • (es) Un problema de validación de certificación insuficiente en la aplicación GlobalProtect de Palo Alto Networks permite a los atacantes conectar la aplicación GlobalProtect a servidores arbitrarios. Esto puede permitir que un usuario de sistema operativo local no administrativo o un atacante en la misma subred instale certificados raíz maliciosos en el endpoint y, posteriormente, instale software malicioso firmado por los certificados raíz maliciosos en ese endpoint. La aplicación GlobalProtect para Android está en evaluación. Suscríbase a nuestro canal RSS https://security.paloaltonetworks.com/rss.xml para recibir alertas sobre nuevas actualizaciones de este y otros avisos.
Summary (en) An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. GlobalProtect App for Android is under evaluation. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories. (en) An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.

27 Nov 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-27 04:15

Updated : 2025-06-27 16:55

NVD link : CVE-2024-5921

Mitre link : CVE-2024-5921

CVE.ORG link : CVE-2024-5921

JSON object : View

Products Affected

paloaltonetworks

  • globalprotect
CWE
CWE-295

Improper Certificate Validation