Home Palo Alto Networks CVE-2024-5921
Back to Palo Alto Networks

CVE-2024-5921

GlobalProtect - VPN Client

Palo Alto Networks CVSS 8.8 Updated March 16, 2026

Executive Risk Summary

"A vulnerability in the Palo Alto Networks GlobalProtect app allows attackers to connect to arbitrary servers, enabling the installation of malicious root certificates and subsequent malicious software. This can be exploited by a local non-administrative operating system user or an attacker on the same subnet."

Operational Audit Arsenal

Target Type Executable
Target Asset GlobalProtect.exe
Standard Path %ProgramFiles%Palo Alto NetworksGlobalProtect
PowerShell 
# 🛠️ Senior Engineer Universal Audit
# Target: GlobalProtect.exe (Executable)
$Targets = 'GlobalProtect.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

Moderate

Internal Work Notes

CVE-2024-5921: GlobalProtect VPN Client vulnerability allowing arbitrary server connections and malicious software installation. Apply vendor patch and verify version.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://blog.amberwolf.com/blog/2024/november/palo-alto-globalprotect---code-execution-and-privilege-escalation-via-malicious-vpn-server-cve-2024-5921/
Official Advisoryhttps://github.com/AmberWolfCyber/NachoVPN
Official Advisoryhttps://security.paloaltonetworks.com/CVE-2024-5921

Related Palo Alto Networks Threats

CVE-2024-3400 CVSS 10

PAN-OS - GlobalProtect
CVE-2025-0107 CVSS 9.8

Expedition - Web UI
CVE-2024-5910 CVSS 9.8

Palo Alto Networks Expedition
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.