Company
Date Published
Author
Palo Alto Networks
Word count
3047
Language
English
Hacker News points
None

Summary

In April 2020, the CrowdStrike Intelligence Advanced Research Team identified two significant vulnerabilities in the Palo Alto Networks GlobalProtect VPN client that could enable unprivileged users to escalate their privileges to SYSTEM or root on different operating systems, including Windows, Linux, and macOS. The vulnerabilities, identified as CVE-2019-17435 and CVE-2019-17436, were addressed by Palo Alto Networks with fixed versions released in October 2019. The exploit targets two GlobalProtect components, PanGPS and PanGPA: PanGPS runs with SYSTEM privileges and can be exploited through a race condition during the software update process. By injecting a DLL and sending a fake software upgrade request, an attacker can replace the legitimate installer file with a malicious payload, allowing privilege escalation. Palo Alto Networks responded promptly to address the issues, which underscores the importance of timely updates and robust security practices in preventing such exploits.