CVE-2024-2432

MEDIUM

Palo Alto Networks GlobalProtect < - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-2432. PoCs published by Hagrid29.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2024-2432, targeting Palo Alto GlobalProtect. The exploit leverages file oplocks and directory junctions to achieve local privilege escalation (LPE) by manipulating file operations and triggering a race condition.

Description

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

Exploits (1)

nomisec WORKING POC 64 stars
by Hagrid29 · poc
https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP

This repository contains a functional exploit PoC for CVE-2024-2432, targeting Palo Alto GlobalProtect. The exploit leverages file oplocks and directory junctions to achieve local privilege escalation (LPE) by manipulating file operations and triggering a race condition.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Palo Alto GlobalProtect (version not specified)
No auth needed
Prerequisites: Local access to the target system · Presence of vulnerable Palo Alto GlobalProtect software
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 4.5
EPSS 0.0039
EPSS Percentile 30.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (2)
paloaltonetworks/globalprotect 6.2.0
paloaltonetworks/globalprotect 5.1.0 - 5.1.12
Published Mar 13, 2024
Tracked Since Feb 18, 2026