CVE-2024-6233

CVSS 3.0 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 59

Summary

CVE-2024-6233 is a privilege escalation vulnerability affecting Check Point ZoneAlarm Extreme Security. Local attackers can exploit this flaw by manipulating the Forensic Recorder service through the creation of a symbolic link. This allows them to overwrite arbitrary files and ultimately escalate privileges, gaining the ability to execute code with SYSTEM-level access. Exploitation requires an attacker to initially have low-privileged code execution on the target system. This vulnerability, originally identified as ZDI-CAN-21677, poses a significant risk to affected installations.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share