CVE-2020-6013 : Security Advisory and Response

ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems.

Understanding CVE-2020-6013

ZoneAlarm Firewall and Antivirus products vulnerability

What is CVE-2020-6013?

CVE-2020-6013 is a vulnerability in Check Point ZoneAlarm products that enables an attacker with system access to execute code at elevated privileges.

The Impact of CVE-2020-6013

This vulnerability allows attackers to escalate privileges and execute malicious code on affected systems, potentially leading to further compromise and data breaches.

Technical Details of CVE-2020-6013

Details of the vulnerability

Vulnerability Description

The vulnerability in ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allows attackers to exploit Windows CVE-2020-00896 on unpatched systems, gaining elevated privileges through file permission manipulation.

Affected Systems and Versions

Product: Check Point ZoneAlarm
Versions Affected: Before 15.8.109.18436

Exploitation Mechanism

Attackers who already have access to the system can exploit this vulnerability by manipulating file permissions and leveraging the unpatched Windows CVE-2020-00896.

Mitigation and Prevention

Protecting against CVE-2020-6013

Immediate Steps to Take

Update ZoneAlarm products to version 15.8.109.18436 or later to mitigate the vulnerability.
Monitor system activity for any signs of unauthorized access or privilege escalation.

Long-Term Security Practices

Implement regular security updates and patches for all software and operating systems.
Conduct security training for users to recognize and report suspicious activities.

Patching and Updates

Regularly check for updates and patches from Check Point for ZoneAlarm products to address security vulnerabilities and enhance system protection.