CVE-2022-0017

HIGH Year: 2022
CVSS v3 Score
7.8
High
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-59
View all →

Vulnerability Description

An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms.

Related Vulnerabilities

CVE-2003-0578

HIGH
CVSS:7.8(High)

cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.

CWE-592003

CVE-2008-7273

HIGH
CVSS:7.8(High)

A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.

CWE-592008

CVE-2011-3618

HIGH
CVSS:7.8(High)

atop: symlink attack possible due to insecure tempfile handling

CWE-592011

CVE-2012-1093

HIGH
CVSS:7.8(High)

The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.

CWE-592012

CVE-2013-4364

HIGH
CVSS:7.8(High)

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attac...

CWE-592013

CVE-2014-3219

HIGH
CVSS:7.8(High)

fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

CWE-592014