HIGH🇵🇱 Wersja polska

CVE-2024-6233

CVSS 7.8v3.0pub. 2024-11-22upd. 2026-01-15

Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677.

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Checkpoint Zonealarm Extreme Security Nextgen

    APP
    Checkpoint
    4.0.148
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCELPE
CWE
References

Related vulnerabilities

CVE-2024-24910HIGH7.3ten sam produkt

A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity ...

CVE-2026-50751CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Auth Bypass w Check Point VPN — pominięcie uwierzytelnienia przez błąd IKEv1

CVE-2019-8459CRITICAL9.8ten sam vendor

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process ...

CVE-2024-24919HIGH8.6⚠ KEVten sam vendor

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected t...

CVE-2025-3831HIGH8.1ten sam vendor

Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized p...