CVE-2019-8453

EPSS 0.03%
Veröffentlicht 17.04.2019 15:29:01
Zuletzt bearbeitet 21.11.2024 04:49:55
Quelle cve@checkpoint.com
CVE-Watchlists
Login
Unerledigt
Login

Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Checkpoint ≫ Zonealarm Version <= 15.4.062

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

http://www.securityfocus.com/bid/108029

https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-8453

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-8453

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-8453

EUVD