Executive Risk Summary
"A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user, enabling the attacker to run commands as if they are a legitimate authenticated user. This vulnerability can be exploited when an authenticated user navigates to a malicious page during the GlobalProtect SAML login process on a Windows device."
Operational Audit Arsenal
# 🛠️ Senior Engineer Universal Audit
# Target: GlobalProtect (Application)
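# Search the common install locations for items whose name contains the target
# and report each path with its product version (empty for directories).
$Target = "GlobalProtect"
# Skip search roots that are unset or missing (e.g. ProgramFiles(x86) on 32-bit Windows).
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}") |
    Where-Object { $_ -and (Test-Path $_) }
Get-ChildItem -Path $SearchPaths -Filter "*$Target*" -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}
Patch Impact Forecast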
Low to Moderate
Original NVD Description
"A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms."