This security bulletin contains one low risk vulnerability.
CWE-248 - Uncaught Exception
Exploit availability: NoDescription
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to uncaught exception in Windows VPN kernel driver. A local user can pass specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error.Mitigation
Install updates from vendor's website.Vulnerable software versions
GlobalProtect Agent: 5.1.0 - 5.2.3CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?