Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-8455

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Published

2019-04-17T15:29:01.220

Last Modified

2024-11-21T04:49:56.200

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-65
Type: Primary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	checkpoint	zonealarm	≤ 15.4.062	Yes

References

http://www.securityfocus.com/bid/108029 Third Party Advisory, VDB Entry ([email protected])
https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/108029 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)