CVE-2022-23743
First published: Wed May 11 2022(Updated: )
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119
Credit: cve@checkpoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Checkpoint Zonealarm | <15.8.211.192119 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Check Point ZoneAlarm vulnerability?
The vulnerability ID for this Check Point ZoneAlarm vulnerability is CVE-2022-23743.
What is the severity of CVE-2022-23743?
The severity of CVE-2022-23743 is high with a CVSS score of 7.8.
What is the affected software for CVE-2022-23743?
The affected software for CVE-2022-23743 is Check Point ZoneAlarm before version 15.8.200.19118.
What are the permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory?
There are weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory.
How can an attacker exploit CVE-2022-23743?
An attacker can escalate privileges during the upgrade process and execute an arbitrary file write.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- agent/source
- vendor/checkpoint
- canonical/checkpoint zonealarm