CVE-2019-8452
First published: Mon Apr 22 2019(Updated: )
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.
Credit: cve@checkpoint.com cve@checkpoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Checkpoint Endpoint Security | <e80.96 | |
| Checkpoint Zonealarm | <=15.4.062 | |
| <e80.96 | ||
| <=15.4.062 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html
- https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012
- https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
Frequently Asked Questions
What is the severity of CVE-2019-8452?
The severity of CVE-2019-8452 is high with a severity value of 7.8.
Which software versions are affected by CVE-2019-8452?
Check Point ZoneAlarm up to 15.4.062 and Check Point Endpoint Security client for Windows before E80.96 are affected by CVE-2019-8452.
What is the impact of CVE-2019-8452?
By creating a hard-link from a log file archive, an attacker can change the permission of a linked file, allowing all users to access it.
How can I fix CVE-2019-8452?
Apply the necessary updates and patches provided by Check Point to fix CVE-2019-8452.
Where can I find more information about CVE-2019-8452?
More information about CVE-2019-8452 can be found at the provided references: [http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html](http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html), [https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012](https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012), [https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960](https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960).
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/checkpoint
- canonical/checkpoint endpoint security
- canonical/checkpoint zonealarm
- version/checkpoint zonealarm/15.4.062