CVE-2019-8455Windows Hard Link in Checkpoint Zonealarm

CWE-65Windows Hard LinkCWE-59Link Following3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 76.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Checkpoint Zonealarm
Timeline
PublishedApr 17
Latest updateMay 13

Description

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages1 packages

NVDcheckpoint/zonealarm15.4.062

🔴Vulnerability Details

2
GHSA
GHSA-p9rv-6vff-wq29: A hard-link created from the log file of Check Point ZoneAlarm up to 152022-05-13
CVEList
CVE-2019-8455: A hard-link created from the log file of Check Point ZoneAlarm up to 152019-04-17
CVE-2019-8455 — Windows Hard Link in Checkpoint | cvebase