Free Trial

CVE-2022-41604 : CHECK POINT ZONEALARM EXTREME SECURITY PRIOR 15.8.211.19229 UPDATES PERMISSION

Description

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.

References

https://github.com/Wh04m1001/ZoneAlarmEoP

https://www.infigo.hr/en/insights/39/elevation-of-privilege-in-zonealarm-extreme-security/

https://www.zonealarm.com/software/extreme-security/release-history

For More Information

MITRE

Common Vulnerabilityies and Exposures

CVE-2022-41604 : CHECK POINT ZONEALARM EXTREME SECURITY PRIOR 15.8.211.19229 UPDATES PERMISSION
CVE-2022-41604 : CHECK POINT ZONEALARM EXTREME SECURITY PRIOR 15.8.211.19229 UPDATES PERMISSION

Contact us to get started

CVE-2023-5288 : SICK SIM1012 Access Control

CVE-2023-5288 : SICK SIM1012 Access Control

Description A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary

Learn more
CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

Description An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading

Learn more
CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION

CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION

Description A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an

Learn more