ID

VAR-202205-0900


CVE

CVE-2022-23743


TITLE

of Check Point Software Technologies  zonealarm  Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009475

DESCRIPTION

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119. of Check Point Software Technologies zonealarm contains vulnerabilities related to privilege management and improper assignment of permissions to critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-23743 // JVNDB: JVNDB-2022-009475 // VULHUB: VHN-412919 // VULMON: CVE-2022-23743

AFFECTED PRODUCTS

vendor:checkpointmodel:zonealarmscope:ltversion:15.8.211.192119

Trust: 1.0

vendor:チェック ポイント ソフトウェア テクノロジーズmodel:zonealarmscope: - version: -

Trust: 0.8

vendor:チェック ポイント ソフトウェア テクノロジーズmodel:zonealarmscope:eqversion:15.8.211.192119

Trust: 0.8

vendor:チェック ポイント ソフトウェア テクノロジーズmodel:zonealarmscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-009475 // NVD: CVE-2022-23743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-23743
value: HIGH

Trust: 1.0

NVD: CVE-2022-23743
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202205-2970
value: HIGH

Trust: 0.6

VULHUB: VHN-412919
value: HIGH

Trust: 0.1

VULMON: CVE-2022-23743
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-23743
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-412919
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-23743
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-23743
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-412919 // VULMON: CVE-2022-23743 // JVNDB: JVNDB-2022-009475 // CNNVD: CNNVD-202205-2970 // NVD: CVE-2022-23743

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-732

Trust: 1.1

problemtype:Improper authority management (CWE-269) [NVD evaluation ]

Trust: 0.8

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-412919 // JVNDB: JVNDB-2022-009475 // NVD: CVE-2022-23743

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-2970

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2970

PATCH

title:Check Point ZoneAlarm Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=193555

Trust: 0.6

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-23743 // CNNVD: CNNVD-202205-2970

EXTERNAL IDS

db:NVDid:CVE-2022-23743

Trust: 3.4

db:JVNDBid:JVNDB-2022-009475

Trust: 0.8

db:CNNVDid:CNNVD-202205-2970

Trust: 0.6

db:VULHUBid:VHN-412919

Trust: 0.1

db:VULMONid:CVE-2022-23743

Trust: 0.1

sources: VULHUB: VHN-412919 // VULMON: CVE-2022-23743 // JVNDB: JVNDB-2022-009475 // CNNVD: CNNVD-202205-2970 // NVD: CVE-2022-23743

REFERENCES

url:https://www.zonealarm.com/software/extreme-security/release-history

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-23743

Trust: 0.8

url:https://vigilance.fr/vulnerability/zonealarm-extreme-security-vulnerability-38314

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-23743/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/732.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-412919 // VULMON: CVE-2022-23743 // JVNDB: JVNDB-2022-009475 // CNNVD: CNNVD-202205-2970 // NVD: CVE-2022-23743

SOURCES

db:VULHUBid:VHN-412919
db:VULMONid:CVE-2022-23743
db:JVNDBid:JVNDB-2022-009475
db:CNNVDid:CNNVD-202205-2970
db:NVDid:CVE-2022-23743

LAST UPDATE DATE

2024-08-14T15:06:23.363000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-412919date:2023-02-10T00:00:00
db:VULMONid:CVE-2022-23743date:2023-02-10T00:00:00
db:JVNDBid:JVNDB-2022-009475date:2023-08-04T08:29:00
db:CNNVDid:CNNVD-202205-2970date:2023-02-13T00:00:00
db:NVDid:CVE-2022-23743date:2023-02-10T17:29:59.817

SOURCES RELEASE DATE

db:VULHUBid:VHN-412919date:2022-05-11T00:00:00
db:VULMONid:CVE-2022-23743date:2022-05-11T00:00:00
db:JVNDBid:JVNDB-2022-009475date:2023-08-04T00:00:00
db:CNNVDid:CNNVD-202205-2970date:2022-05-11T00:00:00
db:NVDid:CVE-2022-23743date:2022-05-11T16:15:09.047