CVE-2024-2431 - Vulnerability Details - OpenCVE

ReportizFlow

An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Palo Alto Networks	Globalprotect App
Paloaltonetworks	Globalprotect

Configuration 1 [-]

OR	cpe:2.3:a:paloaltonetworks:globalprotect::::::-::*
	cpe:2.3:a:paloaltonetworks:globalprotect::::::-::*
	cpe:2.3:a:paloaltonetworks:globalprotect::::::-::*
	cpe:2.3:a:paloaltonetworks:globalprotect:6.1.0:::::-::

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2024-2431

History

Fri, 26 Sep 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Paloaltonetworks Paloaltonetworks globalprotect
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:paloaltonetworks:globalprotect::::::-::* cpe:2.3:a:paloaltonetworks:globalprotect:6.1.0:::::-::
Vendors & Products		Paloaltonetworks Paloaltonetworks globalprotect

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2024-03-13T17:51:17.735Z

Updated: 2024-08-05T13:31:26.517Z

Reserved: 2024-03-13T16:19:25.624Z

Link: CVE-2024-2431

Vulnrichment

Updated: 2024-08-01T19:11:53.593Z

NVD

Status : Analyzed

Published: 2024-03-13T18:15:08.293

Modified: 2025-09-26T19:11:17.373

Link: CVE-2024-2431

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2431", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-03-13T16:19:25.624Z", "datePublished": "2024-03-13T17:51:17.735Z", "dateUpdated": "2024-08-05T13:31:26.517Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GlobalProtect App", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "6.0.4", "status": "unaffected"}], "lessThan": "6.0.4", "status": "affected", "version": "6.0", "versionType": "custom"}, {"changes": [{"at": "5.1.12", "status": "unaffected"}], "lessThan": "5.1.12", "status": "affected", "version": "5.1", "versionType": "custom"}, {"changes": [{"at": "5.2.13", "status": "unaffected"}], "lessThan": "5.2.13", "status": "affected", "version": "5.2", "versionType": "custom"}, {"changes": [{"at": "6.1.1", "status": "unaffected"}], "lessThan": "6.1.1", "status": "affected", "version": "6.1", "versionType": "custom"}, {"status": "unaffected", "version": "6.2"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed."}], "value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed."}], "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks AIG Red Team and Stephen Collyer for discovering and reporting this issue."}], "datePublic": "2024-03-13T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode."}], "value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-03-13T17:51:17.735Z"}, "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-2431"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.<br>"}], "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.\n"}], "source": {"defect": ["GPC-15349"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-03-13T16:00:00.000Z", "value": "Initial publication"}], "title": "GlobalProtect App: Local User Can Disable GlobalProtect", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"<br>"}], "value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.593Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-2431", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "paloaltonetworks", "product": "globalprotect", "cpes": ["cpe:2.3:a:paloaltonetworks:globalprotect:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect:5.2:*:*:*:*:universal_windows_platform:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect:6.0.0:*:*:*:*:universal_windows_platform:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect:6.1.0:*:*:*:*:universal_windows_platform:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect:6.2.0:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.1", "status": "affected", "lessThan": "5.1.12", "versionType": "custom"}, {"version": "5.2", "status": "affected", "lessThan": "5.2.13", "versionType": "custom"}, {"version": "6.0.0", "status": "affected", "lessThan": "6.0.4", "versionType": "custom"}, {"version": "6.1.0", "status": "affected", "lessThan": "6.1.1", "versionType": "custom"}, {"version": "6.2.0", "status": "unaffected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-15T15:20:30.083812Z", "id": "CVE-2024-2431", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T13:31:26.517Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-2431", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.593Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2431", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-15T15:20:30.083812Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:globalprotect:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect:5.2:*:*:*:*:universal_windows_platform:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect:6.0.0:*:*:*:*:universal_windows_platform:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect:6.1.0:*:*:*:*:universal_windows_platform:*:*", "cpe:2.3:a:paloaltonetworks:globalprotect:6.2.0:*:*:*:*:windows:*:*"], "vendor": "paloaltonetworks", "product": "globalprotect", "versions": [{"status": "affected", "version": "5.1", "lessThan": "5.1.12", "versionType": "custom"}, {"status": "affected", "version": "5.2", "lessThan": "5.2.13", "versionType": "custom"}, {"status": "affected", "version": "6.0.0", "lessThan": "6.0.4", "versionType": "custom"}, {"status": "affected", "version": "6.1.0", "lessThan": "6.1.1", "versionType": "custom"}, {"status": "unaffected", "version": "6.2.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T13:26:20.336Z"}}], "cna": {"title": "GlobalProtect App: Local User Can Disable GlobalProtect", "source": {"defect": ["GPC-15349"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks AIG Red Team and Stephen Collyer for discovering and reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "GlobalProtect App", "versions": [{"status": "affected", "changes": [{"at": "6.0.4", "status": "unaffected"}], "version": "6.0", "lessThan": "6.0.4", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "5.1.12", "status": "unaffected"}], "version": "5.1", "lessThan": "5.1.12", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "5.2.13", "status": "unaffected"}], "version": "5.2", "lessThan": "5.2.13", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "6.1.1", "status": "unaffected"}], "version": "6.1", "lessThan": "6.1.1", "versionType": "custom"}, {"status": "unaffected", "version": "6.2"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-03-13T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.\n", "supportingMedia": [{"type": "text/html", "value": "This issue is fixed in GlobalProtect app 5.1.12, GlobalProtect app 5.2.13, GlobalProtect app 6.0.4, GlobalProtect app 6.1.1, and all later GlobalProtect app versions.<br>", "base64": false}]}], "datePublic": "2024-03-13T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-2431"}], "workarounds": [{"lang": "en", "value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"\n", "supportingMedia": [{"type": "text/html", "value": "You can mitigate this issue by setting \"Allow User to Disable GlobalProtect App\" to \"Disallow\" or \"Allow with Ticket.\"<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.", "supportingMedia": [{"type": "text/html", "value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "configurations": [{"lang": "en", "value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed.", "supportingMedia": [{"type": "text/html", "value": "This is an issue only if \"Allow User to Disable GlobalProtect App\" is set to \"Allow with Passcode\". You should check this setting in your firewall web interface (Network > GlobalProtect > Portals > (portal-config) > Agent > (agent-config) > App) and take the appropriate actions as needed.", "base64": false}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-03-13T17:51:17.735Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2431", "state": "PUBLISHED", "dateUpdated": "2024-08-05T13:31:26.517Z", "dateReserved": "2024-03-13T16:19:25.624Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-03-13T17:51:17.735Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:-:*:*", "matchCriteriaId": "BDD699DE-FF4A-45F6-A54F-C9F7DACEC11B", "versionEndExcluding": "5.1.12", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:-:*:*", "matchCriteriaId": "17659F3A-7D33-473C-A757-6E28522CCEFB", "versionEndIncluding": "5.2.13", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:-:*:*", "matchCriteriaId": "D61046B3-B036-43D6-933F-CD01C7DD49A6", "versionEndExcluding": "6.0.4", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:6.1.0:*:*:*:*:-:*:*", "matchCriteriaId": "BFC6ACB1-4DF7-435F-B6C0-4AF0D8E9F14B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode."}, {"lang": "es", "value": "Un problema en la aplicaci\u00f3n Palo Alto Networks GlobalProtect permite a un usuario sin privilegios deshabilitar la aplicaci\u00f3n GlobalProtect en configuraciones que permiten a un usuario deshabilitar GlobalProtect con un c\u00f3digo de acceso."}], "id": "CVE-2024-2431", "lastModified": "2025-09-26T19:11:17.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-03-13T18:15:08.293", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-2431"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-2431"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}