Early Access — Mondoo Vulnerability Intelligence is currently in preview.
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM.
GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and GlobalProtect UWP App are not affected.
Exploitability
AV:LAC:LAT:NPR:LUI:PVulnerable System
VC:NVI:HVA:NSubsequent System
SC:HSI:HSA:H7.1/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:AmberOther