Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-8452Windows Hard Link in Checkpoint Endpoint Security

CWE-65Windows Hard LinkCWE-59Link Following4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 56.32%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Checkpoint Endpoint SecurityCheckpoint ZonealarmCheck Point Zonealarm Check Point Endpoint Security Client FOR Windows+1 more
Timeline
PublishedApr 22
Latest updateMay 24

Description

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5check_point_zonealarm/check_point_endpoint_security_client_for_windowsCheck Point Endpoint Security client for Windows before E80.96
NVDcheckpoint/zonealarm15.4.062
CVEListV5check_point_zonealarm/check_point_zonealarmCheck Point ZoneAlarm up to 15.4.062

🔴Vulnerability Details

2
GHSA
GHSA-5prc-43fj-m4f2: A hard-link created from log file archive of Check Point ZoneAlarm up to 152022-05-24
CVEList
CVE-2019-8452: A hard-link created from log file archive of Check Point ZoneAlarm up to 152019-04-22

💥Exploits & PoCs

1
Exploit-DB
CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation2019-10-07
CVE-2019-8452 — Windows Hard Link in Checkpoint | cvebase