![checkpoint endpoint-security]()
CVE-2019-8452 vulnerability in Check Point Software Products
Published on April 22, 2019
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.
Weakness Type
Windows Hard Link
The software, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files. Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. AUTOEXEC.BAT). When the process opens the file, the attacker can assume the privileges of that process, or prevent the program from accurately processing data.
Products Associated with CVE-2019-8452
stack.watch emails you whenever new vulnerabilities are published in Check Point Software Endpoint Security or Check Point Software Zonealarm. Just hit a watch button to start following.
Affected Versions
Check Point ZoneAlarm:- Version Check Point ZoneAlarm up to 15.4.062 is affected.
- Version Check Point Endpoint Security client for Windows before E80.96 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.