
===================================================================
                                CERT-Renater

                     Information Note No. 2023/VULN162

_____________________________________________________________________

DATE                : 14/04/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running GlobalProtect app versions prior
                     to 5.2.13, 6.0.4, 6.1.1.

====================================================================

https://security.paloaltonetworks.com/CVE-2023-0006
_____________________________________________________________________

CVE-2023-0006 GlobalProtect App: Local File Deletion Vulnerability


Severity                 6.3 MEDIUM
Attack Vector            LOCAL
Scope                    UNCHANGED
Attack Complexity        HIGH
Confidentiality Impact   NONE
Privileges Required      LOW
Integrity Impact         HIGH
User Interaction         NONE
Availability Impact      HIGH
Published                2023-04-12
Updated                  2023-04-12
Reference                GPC-15378
Discovered               externally

Description
A local file deletion vulnerability in the Palo Alto
Networks GlobalProtect app on Windows devices enables
a user to delete system files from the endpoint with
elevated privileges through a race condition.


Product Status

Versions                Affected              Unaffected
GlobalProtect App 6.1   < 6.1.1 on Windows    >= 6.1.1 on Windows
GlobalProtect App 6.0   < 6.0.4 on Windows    >= 6.0.4 on Windows
GlobalProtect App 5.2   < 5.2.13 on Windows   >= 5.2.13 on Windows
Severity:                MEDIUM
CVSSv3.1 Base Score:     6.3 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H)


Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation
of this issue.

Weakness Type
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition


Solution

This issue is fixed in GlobalProtect app 5.2.13, GlobalProtect app 6.0.4,
GlobalProtect app 6.1.1, and all later GlobalProtect app versions on
Windows devices.
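An added triage helper, not part of the advisory or of Palo Alto Networks' own tooling: it maps an installed GlobalProtect app version onto the Product Status table above so that an endpoint inventory can be checked against the fixed releases. The inventory rows and hostnames are constructed, and treating a trailing hotfix suffix as its base version is an assumption made here so the result errs on the side of "affected".

```python
"""Classify GlobalProtect app versions against the CVE-2023-0006 product table."""
import re
from typing import List, Optional, Tuple

# Per-branch fix thresholds taken from the advisory's Product Status table.
# Only Windows installs are in scope for this CVE.
FIXED_IN = {
    (5, 2): (5, 2, 13),
    (6, 0): (6, 0, 4),
    (6, 1): (6, 1, 1),
}
HIGHEST_FIXED = (6, 1, 1)  # advisory: "all later GlobalProtect app versions" are fixed


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '6.0.3' or '6.0.3-h2' into an integer tuple.

    Assumption: a hotfix suffix is ignored, so '6.0.3-h2' is treated as 6.0.3.
    That is conservative: a hotfix never lowers the result below its base version.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GlobalProtect version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> Optional[bool]:
    """True = affected, False = unaffected, None = branch not covered by the advisory."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_IN:
        return v < FIXED_IN[branch]          # below the branch's fixed release
    if v > HIGHEST_FIXED:
        return False                         # newer branch than any listed: fixed
    return None                              # older branch (e.g. 5.1): not in the table


# Constructed sample inventory: (hostname, platform, GlobalProtect app version).
INVENTORY = [
    ("ws-01", "windows", "6.0.3"),
    ("ws-02", "windows", "6.1.1"),
    ("mac-01", "macos", "6.0.3"),      # out of scope: not a Windows device
    ("ws-03", "windows", "5.2.12-h1"),
    ("ws-04", "windows", "5.1.11"),    # branch not listed: needs manual review
]


def triage(rows) -> Tuple[List[str], List[str]]:
    """Return (hosts needing the fix, hosts whose branch the advisory does not cover)."""
    affected = [h for h, os_name, ver in rows if os_name == "windows" and is_affected(ver)]
    unknown = [h for h, os_name, ver in rows if os_name == "windows" and is_affected(ver) is None]
    return affected, unknown
```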


Acknowledgments

Palo Alto Networks thanks Stephen Collyer for discovering and
reporting this issue.


Timeline
2023-04-12           Initial publication


=======================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=======================================================