CVE-2019-8455

low-risk
Published 2019-04-17

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Do I need to act?

-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10 High
LOCAL / LOW complexity

Affected Products (1)

Zonealarm

Affected Vendors

Checkpoint

References (4)

Third Party Advisory http://www.securityfocus.com/bid/108029
Vendor Advisory https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
Third Party Advisory http://www.securityfocus.com/bid/108029
Vendor Advisory https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
27
/ 100
low-risk
Severity 22/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal