CVE-2020-1988

An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;

Published: Apr 8, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-1988
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-428

Affected Software
References

Software	From	Fixed in
paloaltonetworks / globalprotect	4.1.0	4.1.13
paloaltonetworks / globalprotect	5.0.0	5.0.5

https://security.paloaltonetworks.com/CVE-2020-1988

Vulnerability Database

289,599

CVE-2020-1988