Vulnerability Details CVE-2020-6012
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an unprivileged user to enable escalation of privilege via local access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.7%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 4.4
References
- https://danishcyberdefence.dk/blog/zonealarm-check-point
- https://www.zonealarm.com/anti-ransomware/release-history
- https://www.zonealarm.com/software/extreme-security/release-history
- https://danishcyberdefence.dk/blog/zonealarm-check-point
- https://www.zonealarm.com/anti-ransomware/release-history
- https://www.zonealarm.com/software/extreme-security/release-history
Products affected by CVE-2020-6012
-
cpe:2.3:a:checkpoint:zonealarm_anti-ransomware:1.0.0601
-
cpe:2.3:a:checkpoint:zonealarm_anti-ransomware:1.0.710