Vulnerability CVE-2020-6012


Published: 2020-08-04

Description:
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.

Type:

CWE-59

(Improper Link Resolution Before File Access ('Link Following'))

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
1.9/10
2.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Checkpoint -> Zonealarm anti-ransomware 

 References:
https://danishcyberdefence.dk/blog/zonealarm-check-point
https://www.zonealarm.com/anti-ransomware/release-history
https://www.zonealarm.com/software/extreme-security/release-history

Copyright 2024, cxsecurity.com

 

Back to Top