CVE-2020-1988 (Unquoted path)

Software Version:
———————————————————-
Description Of Issue : Unquoted service path that allows escalation to SYSTEM. Because the path contains spaces and is not quoted, an adversary who places an exe at one of the intermediate locations along the path gets execution as SYSTEM.
———————————————————-
Steps To Reproduce : An adversary can drop C:\Program Files\Palo.exe or C:\Program Files\Palo Alto.exe. To test it, take calc.exe and rename it to the exe name in one of these paths. Then reboot, or just restart the Pan GlobalProtect Service (PanGPS), and it will kick the file off as SYSTEM. The final path that the service is looking for is "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe".
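
For auditing, the added example below (not part of the original post or of the vendor's code) takes a service command line, reports whether it is unquoted with spaces, lists the intermediate locations Windows would try first so they can be checked for unexpected files and write permissions, and returns the quoted form that removes the ambiguity. The function names and sample entries are assumptions made for illustration; the first location it reports, C:\Program.exe, follows from the documented CreateProcess parsing order and is not listed in the post.

```python
import re

# Heuristic: the executable ends at the first ".exe" followed by a space or end of string.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def split_unquoted(command_line):
    """Return (exe_part, args) for an unquoted command line, or None if it is quoted."""
    cl = command_line.strip()
    if cl.startswith('"'):
        return None
    m = _EXE_END.search(cl)
    end = m.end() if m else len(cl)
    return cl[:end], cl[end:]

def interception_candidates(command_line):
    """Locations Windows tries before the intended executable (empty list = safe)."""
    parts = split_unquoted(command_line)
    if parts is None:
        return []
    exe = parts[0]
    found = []
    for i, ch in enumerate(exe):
        if ch == " ":
            # Everything before the space is treated as a program name; ".exe" is appended.
            cand = exe[:i].rstrip() + ".exe"
            if cand not in found:
                found.append(cand)
    return found

def quoted_form(command_line):
    """Remediated command line: executable wrapped in double quotes, arguments kept."""
    parts = split_unquoted(command_line)
    if parts is None:
        return command_line.strip()
    return '"%s"%s' % parts

# Constructed sample inventory; the first value is the path quoted in the post.
PAGE_PATH = r"C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe"
SAMPLES = [
    PAGE_PATH,
    '"' + PAGE_PATH + '"',
    r"C:\Windows\system32\svchost.exe -k netsvcs",
]

if __name__ == "__main__":
    for cl in SAMPLES:
        hits = interception_candidates(cl)
        print(("UNQUOTED " if hits else "ok       ") + cl)
        for h in hits:
            print("    check for unexpected file / write access: " + h)
        if hits:
            print("    fix: " + quoted_form(cl))
```

In a real audit the input strings would come from each service's configured binary path; any reported location that exists, or whose parent directory is writable by non-administrators, needs attention.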