Sign-up

ID

VAR-201904-0203


CVE

CVE-2019-8455


TITLE

Check Point ZoneAlarm Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003804

DESCRIPTION

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file. Check Point ZoneAlarm is prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An insecure-file-permissions vulnerability Attackers can exploit these issues to cause denial-of-service conditions and gain elevated privileges on an affected system that may lead to further attacks. Check Point ZoneAlarm version 15.4.062 and prior are vulnerable

Trust: 1.98

sources: NVD: CVE-2019-8455 // JVNDB: JVNDB-2019-003804 // BID: 108029 // VULHUB: VHN-159890

AFFECTED PRODUCTS

vendor:checkpointmodel:zonealarmscope:lteversion:15.4.062

Trust: 1.0

vendor:check pointmodel:zonealarmscope:lteversion:15.4.062

Trust: 0.8

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+15.4.62

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+15.3.064.17729

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+15.0.123.17051

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+14.3.119.000

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+14.0.522.000

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+14.0.157.000

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+13.3.209.000

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+12.0.104.000

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+11.0.780.000

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+10.2.078.000

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:eqversion:+10.2.068.000

Trust: 0.3

vendor:checkpointmodel:zonealarm free antivirus firewallscope:neversion:+15.4.260.17960

Trust: 0.3

sources: BID: 108029 // JVNDB: JVNDB-2019-003804 // NVD: CVE-2019-8455

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8455
value: HIGH

Trust: 1.0

NVD: CVE-2019-8455
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-860
value: HIGH

Trust: 0.6

VULHUB: VHN-159890
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-8455
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-159890
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8455
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-8455
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-159890 // JVNDB: JVNDB-2019-003804 // CNNVD: CNNVD-201904-860 // NVD: CVE-2019-8455

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.1

problemtype:CWE-65

Trust: 1.0

problemtype:CWE-275

Trust: 0.9

sources: VULHUB: VHN-159890 // JVNDB: JVNDB-2019-003804 // NVD: CVE-2019-8455

THREAT TYPE

local

Trust: 0.9

sources: BID: 108029 // CNNVD: CNNVD-201904-860

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-201904-860

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003804

PATCH
title:ZoneAlarm Free Antivirus + Firewall Release Historyurl:https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
Trust: 0.8
title:Check Point ZoneAlarm Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91694
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-003804 // 
            
            
            
            CNNVD: CNNVD-201904-860

EXTERNAL IDS
db:NVDid:CVE-2019-8455
Trust: 2.8
db:BIDid:108029
Trust: 2.0
db:JVNDBid:JVNDB-2019-003804
Trust: 0.8
db:CNNVDid:CNNVD-201904-860
Trust: 0.7
db:VULHUBid:VHN-159890
Trust: 0.1
sources:
            
            
            VULHUB: VHN-159890 // 
            
            
            
            BID: 108029 // 
            
            
            
            JVNDB: JVNDB-2019-003804 // 
            
            
            
            CNNVD: CNNVD-201904-860 // 
            
            
            
            NVD: CVE-2019-8455

REFERENCES
url:http://www.securityfocus.com/bid/108029
Trust: 2.3
url:https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-8455
Trust: 1.4
url:http://www.checkpoint.com/index.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8455
Trust: 0.8
url:https://vigilance.fr/vulnerability/zonealarm-antivirus-firewall-three-vulnerabilities-29075
Trust: 0.6
url:https://www.zonealarm.com/software/release-history/zafavfw.html
Trust: 0.3
url:https://www.zonealarm.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-159890 // 
            
            
            
            BID: 108029 // 
            
            
            
            JVNDB: JVNDB-2019-003804 // 
            
            
            
            CNNVD: CNNVD-201904-860 // 
            
            
            
            NVD: CVE-2019-8455

CREDITS
Jakub Palaczynski.
Trust: 0.9
sources:
            
            
            BID: 108029 // 
            
            
            
            CNNVD: CNNVD-201904-860

SOURCES
db:VULHUBid:VHN-159890
db:BIDid:108029
db:JVNDBid:JVNDB-2019-003804
db:CNNVDid:CNNVD-201904-860
db:NVDid:CVE-2019-8455

LAST UPDATE DATE
2024-11-23T22:00:00.723000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-159890date:2020-10-22T00:00:00
db:BIDid:108029date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003804date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-860date:2020-10-23T00:00:00
db:NVDid:CVE-2019-8455date:2024-11-21T04:49:56.200

SOURCES RELEASE DATE
db:VULHUBid:VHN-159890date:2019-04-17T00:00:00
db:BIDid:108029date:2019-04-17T00:00:00
db:JVNDBid:JVNDB-2019-003804date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201904-860date:2019-04-17T00:00:00
db:NVDid:CVE-2019-8455date:2019-04-17T15:29:01.220