Published: 22/04/2019 Updated: 22/10/2020

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
checkpoint endpoint security
checkpoint zonealarm

# Exploit Title: CheckPoint Endpoint Security Client/ZoneAlarm 15406217802 - Privilege Escalation # Date: 2019-01-30 # Exploit Author: Jakub Palaczynski # Vendor Homepage: wwwcheckpointcom/ # Version: Check Point Endpoint Security VPN <= E8087 Build 986009514 # Version: Check Point ZoneAlarm <= 15406217802 # CVE: CVE-2019-845 ...

CheckPoint Endpoint Security VPN versions E8087 Build 986009514 and below and ZoneAlarm versions 15406217802 and below suffer from a privilege escalation vulnerability ...

CWE-59 https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960 https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012 http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html https://nvd.nist.gov https://www.exploit-db.com/exploits/47471

CVE-2019-8452

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect