Privilege Escalation in Check Point ZoneAlarm Extreme Security
CVE-2022-41604

8.8HIGH

Key Information:

Vendor
Checkpoint
Status
Zonealarm
Vendor
CVE Published:
27 September 2022

Summary

A local privilege escalation vulnerability exists in Check Point ZoneAlarm Extreme Security prior to version 15.8.211.19229. This vulnerability stems from inadequate permissions assigned to the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory. It enables a local attacker to exploit a bypass in the self-protection driver, allowing the creation of a junction directory. Through this exploit, an attacker can move arbitrary files with the privileges of NT AUTHORITY\SYSTEM, potentially leading to unauthorized access and control over sensitive system resources.

References

https://www.infigo.hr/en/insights/39/elevation-of-privile...
x_refsource_MISC
https://github.com/Wh04m1001/ZoneAlarmEoP
x_refsource_MISC
https://www.zonealarm.com/software/extreme-security/relea...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.