CVE-2022-41604
First published: Tue Sep 27 2022(Updated: )
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Checkpoint Zonealarm | <15.8.211.19229 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-41604.
What is the severity level of CVE-2022-41604?
CVE-2022-41604 has a severity level of 8.8 (high).
What software version is affected by CVE-2022-41604?
The software version affected by CVE-2022-41604 is Check Point ZoneAlarm Extreme Security before 15.8.211.19229.
How can a local user escalate privileges with CVE-2022-41604?
A local user can escalate privileges with CVE-2022-41604 by exploiting weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory and bypassing the self-protection driver to create a junction directory.
Is there a fix available for CVE-2022-41604?
Yes, the fix for CVE-2022-41604 is to update Check Point ZoneAlarm Extreme Security to version 15.8.211.19229 or later.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/checkpoint
- canonical/checkpoint zonealarm