Vulnerability CVE-2019-8455
Published: 2019-04-17

Description:
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Type:

CWE-275

 (Permission Issues)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.6/10
4.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Checkpoint -> Zonealarm 

 References:
http://www.securityfocus.com/bid/108029
https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
Copyright 2024, cxsecurity.com

 

Back to Top