Details of VAR-201903-1454

ID

VAR-201903-1454

CVE

CVE-2018-8790

TITLE

Check Point ZoneAlarm Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-014678

DESCRIPTION

Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. Check Point ZoneAlarm Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Check Point ZoneAlarm is prone to a local arbitrary code-execution vulnerability. ZoneAlarm version 15.3.064.17729 and prior are vulnerable. Check Point ZoneAlarm is a network firewall program of Israel Check Point Company

Trust: 1.98

sources: NVD: CVE-2018-8790 // JVNDB: JVNDB-2018-014678 // BID: 107254 // VULHUB: VHN-138822

AFFECTED PRODUCTS

vendor:	checkpoint	model:	zonealarm	scope:	lte	version:	15.3.064.17729	Trust: 1.0
vendor:	check point	model:	zonealarm	scope:	lte	version:	15.3.064.17729	Trust: 0.8
vendor:	checkpoint	model:	zonealarm free firewall	scope:	eq	version:	15.3.064.17729	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free firewall	scope:	eq	version:	15.0.123.17051	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free firewall	scope:	eq	version:	14.3.119.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free firewall	scope:	eq	version:	14.0.522.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free firewall	scope:	eq	version:	14.0.157.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free firewall	scope:	eq	version:	13.3.209.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free firewall	scope:	eq	version:	12.0.104.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free firewall	scope:	eq	version:	11.0.780.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free firewall	scope:	eq	version:	10.2.078.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	eq	version:	+15.3.064.17729	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	eq	version:	+15.0.123.17051	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	eq	version:	+14.3.119.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	eq	version:	+14.0.522.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	eq	version:	+14.0.157.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	eq	version:	+13.3.209.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	eq	version:	+12.0.104.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	eq	version:	+11.0.780.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	eq	version:	+10.2.078.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	eq	version:	+10.2.068.000	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free firewall	scope:	ne	version:	15.4.062.17802	Trust: 0.3
vendor:	checkpoint	model:	zonealarm free antivirus firewall	scope:	ne	version:	+15.4.062.17802	Trust: 0.3

sources: BID: 107254 // JVNDB: JVNDB-2018-014678 // NVD: CVE-2018-8790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8790
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-8790
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-009
value:	HIGH
Trust: 0.6
VULHUB:	VHN-138822
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-8790
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-138822
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-8790
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-138822 // JVNDB: JVNDB-2018-014678 // CNNVD: CNNVD-201903-009 // NVD: CVE-2018-8790

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-863	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2018-014678 // NVD: CVE-2018-8790

THREAT TYPE

local

Trust: 0.9

sources: BID: 107254 // CNNVD: CNNVD-201903-009

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201903-009

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014678

PATCH

title:	ZoneAlarm Free Antivirus + Firewall Release History	url:	https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802	Trust: 0.8
title:	ZoneAlarm Free Firewall Release History	url:	https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802	Trust: 0.8
title:	sk142952	url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk142952	Trust: 0.8
title:	Check Point ZoneAlarm Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89821	Trust: 0.6

sources: JVNDB: JVNDB-2018-014678 // CNNVD: CNNVD-201903-009

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8790	Trust: 2.8
db:	BID	id:	107254	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-014678	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-009	Trust: 0.7
db:	VULHUB	id:	VHN-138822	Trust: 0.1

sources: VULHUB: VHN-138822 // BID: 107254 // JVNDB: JVNDB-2018-014678 // CNNVD: CNNVD-201903-009 // NVD: CVE-2018-8790

REFERENCES

url:	http://www.securityfocus.com/bid/107254	Trust: 2.3
url:	https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802	Trust: 2.0
url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk142952	Trust: 1.9
url:	https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8790	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8790	Trust: 0.8
url:	https://vigilance.fr/vulnerability/check-point-zonealarm-privilege-escalation-via-wcf-service-28645	Trust: 0.6
url:	https://www.zonealarm.com/software/release-history/zafavfw.html	Trust: 0.3
url:	http://www.zonealarm.com/	Trust: 0.3
url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk142952	Trust: 0.1

sources: VULHUB: VHN-138822 // BID: 107254 // JVNDB: JVNDB-2018-014678 // CNNVD: CNNVD-201903-009 // NVD: CVE-2018-8790

CREDITS

Chris Anastasio of Illumant

Trust: 0.9

sources: BID: 107254 // CNNVD: CNNVD-201903-009

SOURCES

db:	VULHUB	id:	VHN-138822
db:	BID	id:	107254
db:	JVNDB	id:	JVNDB-2018-014678
db:	CNNVD	id:	CNNVD-201903-009
db:	NVD	id:	CVE-2018-8790

LAST UPDATE DATE

2024-11-23T21:37:34.059000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-138822	date:	2019-10-09T00:00:00
db:	BID	id:	107254	date:	2019-03-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-014678	date:	2019-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201903-009	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-8790	date:	2024-11-21T04:14:19.223

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-138822	date:	2019-03-01T00:00:00
db:	BID	id:	107254	date:	2019-03-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-014678	date:	2019-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201903-009	date:	2019-03-01T00:00:00
db:	NVD	id:	CVE-2018-8790	date:	2019-03-01T16:29:00.247