CVE-2019-8452

moderate-risk
Published 2019-04-22

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Do I need to act?

-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
47471
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (2)

Endpoint Security
Zonealarm

Affected Vendors

Checkpoint

References (6)

Exploit http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-...
Vendor Advisory https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGovie...
Vendor Advisory https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
Exploit http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-...
Vendor Advisory https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGovie...
Vendor Advisory https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
32
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 7/34 · Low