var-201903-1454
Vulnerability from variot
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. Check Point ZoneAlarm Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Check Point ZoneAlarm is prone to a local arbitrary code-execution vulnerability. ZoneAlarm version 15.3.064.17729 and prior are vulnerable. Check Point ZoneAlarm is a network firewall program of Israel Check Point Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zonealarm",
"scope": "lte",
"trust": 1.0,
"vendor": "checkpoint",
"version": "15.3.064.17729"
},
{
"model": "zonealarm",
"scope": "lte",
"trust": 0.8,
"vendor": "check point",
"version": "15.3.064.17729"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "15.3.064.17729"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "15.0.123.17051"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "14.3.119.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "14.0.522.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "14.0.157.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "13.3.209.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "12.0.104.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "11.0.780.000"
},
{
"model": "zonealarm free firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "10.2.078.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+15.3.064.17729"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+15.0.123.17051"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+14.3.119.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+14.0.522.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+14.0.157.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+13.3.209.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+12.0.104.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+11.0.780.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+10.2.078.000"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+10.2.068.000"
},
{
"model": "zonealarm free firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "checkpoint",
"version": "15.4.062.17802"
},
{
"model": "zonealarm free antivirus firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "checkpoint",
"version": "+15.4.062.17802"
}
],
"sources": [
{
"db": "BID",
"id": "107254"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.3.064.17729",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8790"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Anastasio of Illumant",
"sources": [
{
"db": "BID",
"id": "107254"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
],
"trust": 0.9
},
"cve": "CVE-2018-8790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-8790",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-138822",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8790",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8790",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-009",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-138822",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138822"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. Check Point ZoneAlarm Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Check Point ZoneAlarm is prone to a local arbitrary code-execution vulnerability. \nZoneAlarm version 15.3.064.17729 and prior are vulnerable. Check Point ZoneAlarm is a network firewall program of Israel Check Point Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "BID",
"id": "107254"
},
{
"db": "VULHUB",
"id": "VHN-138822"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8790",
"trust": 2.8
},
{
"db": "BID",
"id": "107254",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-138822",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138822"
},
{
"db": "BID",
"id": "107254"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"id": "VAR-201903-1454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138822"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:52:23.217000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZoneAlarm Free Antivirus + Firewall Release History",
"trust": 0.8,
"url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802"
},
{
"title": "ZoneAlarm Free Firewall Release History",
"trust": 0.8,
"url": "https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802"
},
{
"title": "sk142952",
"trust": 0.8,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk142952"
},
{
"title": "Check Point ZoneAlarm Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89821"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107254"
},
{
"trust": 2.0,
"url": "https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802"
},
{
"trust": 1.9,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk142952"
},
{
"trust": 1.7,
"url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8790"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8790"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/check-point-zonealarm-privilege-escalation-via-wcf-service-28645"
},
{
"trust": 0.3,
"url": "https://www.zonealarm.com/software/release-history/zafavfw.html"
},
{
"trust": 0.3,
"url": "http://www.zonealarm.com/"
},
{
"trust": 0.1,
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026amp;solutionid=sk142952"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138822"
},
{
"db": "BID",
"id": "107254"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138822"
},
{
"db": "BID",
"id": "107254"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-01T00:00:00",
"db": "VULHUB",
"id": "VHN-138822"
},
{
"date": "2019-03-01T00:00:00",
"db": "BID",
"id": "107254"
},
{
"date": "2019-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"date": "2019-03-01T16:29:00.247000",
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"date": "2019-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138822"
},
{
"date": "2019-03-01T00:00:00",
"db": "BID",
"id": "107254"
},
{
"date": "2019-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014678"
},
{
"date": "2019-10-09T23:42:53.193000",
"db": "NVD",
"id": "CVE-2018-8790"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "107254"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point ZoneAlarm Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014678"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-009"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.