VAR-201903-1454
Vulnerability from variot - Updated: 2023-12-18 13:52Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. Check Point ZoneAlarm Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Check Point ZoneAlarm is prone to a local arbitrary code-execution vulnerability. ZoneAlarm version 15.3.064.17729 and prior are vulnerable. Check Point ZoneAlarm is a network firewall program of Israel Check Point Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zonealarm",
"scope": "lte",
"trust": 1.0,
"vendor": "checkpoint",
"version": "15.3.064.17729"
},
{
"model": "zonealarm",
"scope": "lte",
"trust": 0.8,
"vendor": "check point",
"version": "15.3.064.17729"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "15.3.064.17729"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "15.0.123.17051"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "14.3.119.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "14.0.522.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "14.0.157.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "13.3.209.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "12.0.104.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "11.0.780.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "10.2.078.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+15.3.064.17729"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+15.0.123.17051"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+14.3.119.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+14.0.522.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+14.0.157.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+13.3.209.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+12.0.104.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+11.0.780.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+10.2.078.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+10.2.068.000"
},
{
"model": "zonealarm free firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "checkpoint",
"version": "15.4.062.17802"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+15.4.062.17802"
}
],
"sources": [
{
"db": "BID",
"id": "107254"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.3.064.17729",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8790"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Anastasio of Illumant",
"sources": [
{
"db": "BID",
"id": "107254"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
],
"trust": 0.9
},
"cve": "CVE-2018-8790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-8790",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-138822",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8790",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8790",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-009",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-138822",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138822"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. Check Point ZoneAlarm Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Check Point ZoneAlarm is prone to a local arbitrary code-execution vulnerability. \nZoneAlarm version 15.3.064.17729 and prior are vulnerable. Check Point ZoneAlarm is a network firewall program of Israel Check Point Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "BID",
"id": "107254"
},
{
"db": "VULHUB",
"id": "VHN-138822"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8790",
"trust": 2.8
},
{
"db": "BID",
"id": "107254",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-138822",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138822"
},
{
"db": "BID",
"id": "107254"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"id": "VAR-201903-1454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138822"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:52:23.217000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneAlarm Free Antivirus + Firewall Release History",
"trust": 0.8,
"url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802"
},
{
"title": "ZoneAlarm Free Firewall Release History",
"trust": 0.8,
"url": "https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802"
},
{
"title": "sk142952",
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk142952"
},
{
"title": "Check Point ZoneAlarm Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89821"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107254"
},
{
"trust": 2.0,
"url": "https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802"
},
{
"trust": 1.9,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk142952"
},
{
"trust": 1.7,
"url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8790"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8790"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/check-point-zonealarm-privilege-escalation-via-wcf-service-28645"
},
{
"trust": 0.3,
"url": "https://www.zonealarm.com/software/release-history/zafavfw.html"
},
{
"trust": 0.3,
"url": "http://www.zonealarm.com/"
},
{
"trust": 0.1,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026amp;solutionid=sk142952"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138822"
},
{
"db": "BID",
"id": "107254"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138822"
},
{
"db": "BID",
"id": "107254"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-01T00:00:00",
"db": "VULHUB",
"id": "VHN-138822"
},
{
"date": "2019-03-01T00:00:00",
"db": "BID",
"id": "107254"
},
{
"date": "2019-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"date": "2019-03-01T16:29:00.247000",
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"date": "2019-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138822"
},
{
"date": "2019-03-01T00:00:00",
"db": "BID",
"id": "107254"
},
{
"date": "2019-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"date": "2019-10-09T23:42:53.193000",
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "107254"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point ZoneAlarm Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…