Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2020-1988

An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:) or to Program Files directory to gain system privileges. This issue affects Palo Alto Networks GlobalProtect Agent 5.0 versions before 5.0.5; 4.1 versions before 4.1.13 on Windows;

Published: Apr 8, 2020
Updated: Nov 9, 2025
CVE: CVE-2020-1988
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.2
AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-428

Affected Software
References

Software	From	Fixed in
paloaltonetworks / globalprotect	4.1.0	4.1.13
paloaltonetworks / globalprotect	5.0.0	5.0.5

https://security.paloaltonetworks.com/CVE-2020-1988

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo