CVE-2022-41604Improper Privilege Management in Checkpoint Zonealarm

CWE-269Improper Privilege Management3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.0%
top 87.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Checkpoint Zonealarm
Timeline
PublishedSep 27
Latest updateSep 28

Description

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages1 packages

NVDcheckpoint/zonealarm< 15.8.211.19229

🔴Vulnerability Details

2
GHSA
GHSA-xf3m-h4qp-mpv8: Check Point ZoneAlarm Extreme Security before 152022-09-28
CVEList
CVE-2022-41604: Check Point ZoneAlarm Extreme Security before 152022-09-27
CVE-2022-41604 — Improper Privilege Management | cvebase