CVE-2019-8452

CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Un enlace físico creado desde el archivo log file de Check Point ZoneAlarm hasta la versión 15.4.062 o el cliente de Check Point Endpoint Security para Windows anterior a versión E80.96, a cualquier archivo en el sistema se cambiará su permiso para que todos los usuarios puedan acceder a ese archivo vinculado. Hacer esto en archivos con acceso limitado le concede al atacante local mayores privilegios para el archivo.

CheckPoint Endpoint Security VPN versions E80.87 Build 986009514 and below and ZoneAlarm versions 15.4.062.17802 and below suffer from a privilege escalation vulnerability.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-02-18 CVE Reserved
2019-04-22 CVE Published
2019-10-07 First Exploit
2024-04-15 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-65: Windows Hard Link

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC
https://www.exploit-db.com/exploits/47471	2019-10-07
http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012	2020-10-22
https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960	2020-10-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Checkpoint Search vendor "Checkpoint"		Endpoint Security Search vendor "Checkpoint" for product "Endpoint Security"				< e80.96 Search vendor "Checkpoint" for product "Endpoint Security" and version " < e80.96"		windows		Affected
Checkpoint Search vendor "Checkpoint"		Zonealarm Search vendor "Checkpoint" for product "Zonealarm"				<= 15.4.062 Search vendor "Checkpoint" for product "Zonealarm" and version " <= 15.4.062"		-		Affected