Vulnerability Name: CVE-2019-8452 (CCN-160027)
Assigned: 2019-02-18
Published: 2019-02-18
Updated: 2020-10-22
Summary: A hard link created from the log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will cause that file's permissions to be changed so that all users can access the linked file. Doing this on files with limited access gives the local attacker higher privileges to the file.
CVSS v3 Severity:
  7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
  7.6 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-59, CWE-65
Vulnerability Consequences: Gain Privileges
References:
  Source: MITRE Type: CNA CVE-2019-8452
  Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html
  Source: XF Type: UNKNOWN checkpoint-cve20198452-priv-esc(160027)
  Source: CCN Type: Packet Storm Security [10-07-2019] CheckPoint Endpoint Security Client / ZoneAlarm Privilege Escalation
  Source: CONFIRM Type: Vendor Advisory https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [10-07-2019]
  Source: CCN Type: ZoneAlarm Web site ZoneAlarm Free Antivirus + Firewall version 15.4.260.17960
  Source: MISC Type: Vendor Advisory https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960