CVE Vulnerability

CVE-2022-41604

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%CheckPointZoneAlarmDataUpdates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITYSYSTEM.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2 / Impact : 6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.infigo.hr/en/insights/39/elevation-of-privilege-in-zonealarm-extreme-security/ Third Party Advisory
https://github.com/Wh04m1001/ZoneAlarmEoP Exploit Release Notes
https://www.zonealarm.com/software/extreme-security/release-history Release Notes Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:*
Information

Published : 2022-09-27 11:15

Updated : 2022-09-30 02:59

NVD link : CVE-2022-41604

Mitre link : CVE-2022-41604

Products Affected
No products.
CWE
CWE-269