Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-5921

UNKNOWN
Published 2024-11-27T03:50:13.596Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-5921. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint.

Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Palo Alto Networks

GlobalProtect App

Affected Versions:

6.3.0 6.2.0 6.1.0
Palo Alto Networks

GlobalProtect App

Affected Versions:

6.3.0 6.2.0 6.1.0
Palo Alto Networks

GlobalProtect App

Affected Versions:

6.2.0 6.1.0
Palo Alto Networks

GlobalProtect App

Affected Versions:

6.1.0
Palo Alto Networks

GlobalProtect App

Affected Versions:

6.1.0
Palo Alto Networks

GlobalProtect App

Affected Versions:

6.0.0 5.1.0
Palo Alto Networks

GlobalProtect App

Affected Versions:

6.2.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-ccr5-hmvm-37q5

Advisory Details

An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. GlobalProtect App for Android is under evaluation. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-5921
WEB https://blog.amberwolf.com/blog/2024/november/palo-alto-globalprotect---code-execution-and-privilege-escalation-via-malicious-vpn-server-cve-2024-5921
WEB https://github.com/AmberWolfCyber/NachoVPN
WEB https://security.paloaltonetworks.com/CVE-2024-5921

Advisory provided by GitHub Security Advisory Database. Published: November 27, 2024, Modified: June 27, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

1 post
Reddit 2 weeks, 1 day ago
Digital_Native_

Questions about 2025-2183 Vulnerability If you look at Palo's announcement here [https://security.paloaltonetworks.com/CVE-2025-2183](https://security.paloaltonetworks.com/CVE-2025-2183) If you look at the reequipment to be vulnerable. For option 1, I do not have that check box for local store, so does that mean that requirement is a negative? However for option 2 it says "GlobalProtect …

Also mentions: CVE-2025-2183
5
2
9.0
View Original

References

https://security.paloaltonetworks.com/CVE-2024-5921
https://blog.amberwolf.com/blog/2024/november/palo-alto-globalprotect---code-execution-and-privilege-escalation-via-malicious-vpn-server-cve-2024-5921/
https://github.com/AmberWolfCyber/NachoVPN
Published: 2024-11-27T03:50:13.596Z
Last Modified: 2025-02-20T22:30:01.359Z
Copied to clipboard!