CVE-2020-1988

MEDIUM

Palo Alto Networks GlobalProtect Agent <5.0.5-4.1.13 - Privilege Es...

Title source: llm
STIX 2.1

Description

An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.paloaltonetworks.com/CVE-2020-1988

Scores

CVSS v3 4.2
EPSS 0.0013
EPSS Percentile 32.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-428
Status published
Products (1)
paloaltonetworks/globalprotect 4.1.0 - 4.1.13
Published Apr 08, 2020
Tracked Since Feb 18, 2026