CVE-2022-41604
Severity CVSS v4.0: Pending analysis
Type: CWE-269 Improper Privilege Management
Publication date: 27/09/2022
Last modified: 22/05/2025
Description
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.
Impact
Base Score 3.x: 8.80
Severity 3.x: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:* | | 15.8.211.19229 (excluding) |
References to Advisories, Solutions, and Tools
- https://github.com/Wh04m1001/ZoneAlarmEoP
- https://www.infigo.hr/en/insights/39/elevation-of-privilege-in-zonealarm-extreme-security/
- https://www.zonealarm.com/software/extreme-security/release-history