CVE-2022-23743

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119
References
Link Resource
https://www.zonealarm.com/software/extreme-security/release-history Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:*

History

30 Nov 2022, 19:15

Type Values Removed Values Added
Summary Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119

19 May 2022, 19:41

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 7.8
CPE cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:*
References (MISC) https://www.zonealarm.com/software/extreme-security/release-history - (MISC) https://www.zonealarm.com/software/extreme-security/release-history - Release Notes, Vendor Advisory

11 May 2022, 17:20

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-11 16:15

Updated : 2024-02-04 22:29


NVD link : CVE-2022-23743

Mitre link : CVE-2022-23743

CVE.ORG link : CVE-2022-23743


JSON object : View

Products Affected

checkpoint

  • zonealarm
CWE
CWE-269

Improper Privilege Management

CWE-732

Incorrect Permission Assignment for Critical Resource