CyberSec.Space Logo
Back to CVE Browser

CVE-2019-8452

HIGH
7.8
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile4.51th
PublishedApr 22, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Affected Platforms (CPE)

πŸ“¦
Checkpoint

Endpoint Security

< e80.96
πŸ“¦
Checkpoint

Zonealarm

<= 15.4.062

References & Advisories

πŸ”— http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html
πŸ”— https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012
πŸ”— https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
πŸ”— http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html
πŸ”— https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012
πŸ”— https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960

Related Vulnerabilities

CVE-2009-124010.0

Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, ...

CVE-2009-254310.0

Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Securi...

CVE-2009-142910.0

The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); S...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...