HIGH🇬🇧 English

CVE-2019-8452

CVSS 7.8v3.1pub. 2019-04-22upd. 2024-11-21

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Checkpoint Endpoint Security

    APP
    Checkpoint
    < e80.96
  • Checkpoint Zonealarm

    APP
    Checkpoint
    ≤ 15.4.062
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-28134HIGH7.8ten sam produkt

Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Ext...

CVE-2023-28133HIGH7.8ten sam produkt

Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL config...

CVE-2022-41604HIGH8.8ten sam produkt

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This o...

CVE-2022-23742HIGH7.8ten sam produkt

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports...

CVE-2022-23743HIGH7.8ten sam produkt

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upg...