CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6233 – Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6233
31 Jul 2024 — Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary... • https://www.zerodayinitiative.com/advisories/ZDI-24-1036 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6013 – Check Point ZoneAlarm Symlink Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-6013
02 Jul 2020 — ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. Los productos ZoneAlarm Firewall y Antivirus anteriores a versión 15.8.109.18436, permiten a un atacante que ya posee acceso al sistema ejecutar código con privilegios elevados por medio de una combinación de manipulación de pe... • https://www.zonealarm.com/software/extreme-security/release-history • CWE-65: Windows Hard Link CWE-269: Improper Privilege Management •