CVE-2019-8455

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Published: Apr 17, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-8455
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
checkpoint / zonealarm	-	15.4.062.x

http://www.securityfocus.com/bid/108029
https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960

Vulnerability Database

289,697

CVE-2019-8455