The host is installed with GlobalProtect App 5.2 before 5.2.9 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an issue in the Connect Before Logon feature. Successful exploitation allows attackers to escalate SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances.