Palo Alto Networks GlobalProtect App Improper Certificate Validation Vulnerability

A vulnerability exists in the Palo Alto Networks GlobalProtect app due to improper certificate validation. This flaw allows an attacker to intercept encrypted communications and potentially compromise the endpoint. It could enable a local non-administrative user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software. The vulnerability affects GlobalProtect App versions 6.0.0 prior to 6.0.14, 6.1.0 prior to 6.1.13, 6.2.0 prior to 6.2.8-h10, and 6.3.0 prior to 6.3.3-h9 (6.3.3-999) on macOS. However, the GlobalProtect app on Windows, Linux, iOS, and the UWP version are not affected.

Impact

Exploitation of this vulnerability could lead to interception of encrypted communications, allowing for unauthorized redirection of traffic and potential installation of malicious software on the endpoint.

Remediation

Users can upgrade to GlobalProtect App 6.3.3-h9 (6.3.3-999) or later on macOS, or to GlobalProtect App 6.1.13 or later on Android or Chrome OS. For GlobalProtect App 6.2 on macOS, users should upgrade to version 6.2.8-h10 (6.2.8-948) or later. No action is needed for users on Windows, Linux, iOS, or the UWP version.