CVE-2022-23743 Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process.

Upgrade can be forced by an attacker, who can make an admin to upgrade a server before the expiration date by performing a silent installation.

Check Point recommends updating the server to version 15.8.200.21017 or later.
The vulnerability can be exploited by an attacker who has gained access to the server.

The update causes an interruption in the upgrade process.

Check Point recommends updating the server to version 15.8.200.21017 or later.

Vulnerability Details

A vulnerability in Check Point’s software could allow an attacker to force a server to upgrade prematurely. The vulnerability is CVE-2022-23743, which appears on the CVE database. This vulnerability can be exploited by an attacker who has gained access to the server.
The update causes an interruption in the upgrade process, causing customers to lose their customization settings and not have access to any of their data.

Check Point Vulnerability Discovery Program

This vulnerability was found in Check Point's endpoint security products, specifically the FireWall-1 and Threat Management Gateway (TMG).

The vulnerability is inherent in the installation process. An attacker can exploit this flaw to force a silent upgrade of the endpoints.

Timeline

Published on: 05/11/2022 16:15:00 UTC
Last modified on: 05/19/2022 19:41:00 UTC

References