CVE-2020-6013
06.07.2020, 18:15
ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems.
Vendor | Product | Version |
---|---|---|
checkpoint | zonealarm_extreme_security | 𝑥 < 15.8.109.18436 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-65 - Windows Hard Link: The software, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.
- CWE-269 - Improper Privilege Management: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.