CVE-2020-6012

7.4HIGH

Key Information

Vendor: Checkpoint
Status: Zonealarm Anti-ransomware
Vendor: CVE Published:; 4 August 2020

Summary

ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an unprivileged user to enable escalation of privilege via local access.

Affected Version(s)

ZoneAlarm Anti-Ransomware = before 1.0.713

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 4, 2020
Vulnerability Reserved.
Jan 7, 2020

Collectors

NVD DatabaseMitre Database