Vulnerability Details : CVE-2019-8455
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.
Published: 2019-04-17 15:29:01
Updated: 2020-10-22 17:16:22
Products affected by CVE-2019-8455
- cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-8455
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~21% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-8455
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6 | LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N | 3.9 | 4.9 | NIST | |
7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 | NIST | |
CWE ids for CVE-2019-8455
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: nvd@nist.gov (Primary)
- The product, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. Assigned by: cve@checkpoint.com (Secondary)
References for CVE-2019-8455
- https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
  ZoneAlarm Free Antivirus + Firewall release history official page | ZoneAlarm (Vendor Advisory)
- http://www.securityfocus.com/bid/108029
  Check Point ZoneAlarm Multiple Security Vulnerabilities (Third Party Advisory; VDB Entry)