Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.
References
Link | Resource |
---|---|
https://github.com/Wh04m1001/ZoneAlarmEoP | Exploit Release Notes Third Party Advisory |
https://www.infigo.hr/en/insights/39/elevation-of-privilege-in-zonealarm-extreme-security/ | Third Party Advisory |
https://www.zonealarm.com/software/extreme-security/release-history | Release Notes Vendor Advisory |
Configurations
History
30 Sep 2022, 14:59
Type | Values Removed | Values Added |
---|---|---|
First Time |
Checkpoint zonealarm
Checkpoint |
|
CWE | CWE-269 | |
References | (MISC) https://www.infigo.hr/en/insights/39/elevation-of-privilege-in-zonealarm-extreme-security/ - Third Party Advisory | |
References | (MISC) https://www.zonealarm.com/software/extreme-security/release-history - Release Notes, Vendor Advisory | |
References | (MISC) https://github.com/Wh04m1001/ZoneAlarmEoP - Exploit, Release Notes, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:* |
27 Sep 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-27 23:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-41604
Mitre link : CVE-2022-41604
CVE.ORG link : CVE-2022-41604
JSON object : View
Products Affected
checkpoint
- zonealarm
CWE
CWE-269
Improper Privilege Management