{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24910", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "state": "PUBLISHED", "assignerShortName": "checkpoint", "dateReserved": "2024-02-01T15:19:26.278Z", "datePublished": "2024-04-18T17:35:42.688Z", "dateUpdated": "2024-08-01T23:36:20.218Z"}, "containers": {"cna": {"affected": [{"product": "ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, Identity Agent for Windows Terminal Server", "vendor": "checkpoint", "versions": [{"status": "affected", "version": "ZoneAlarm Extreme Security NextGen - versions lower than 4.2.7, Identity Agent for Windows - versions lower than R81.070.0000, Identity Agent for Windows Terminal Server - versions lower than R81.070.0000"}]}], "title": "Local privilege escalation in Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server via crafted DLL file", "descriptions": [{"lang": "en", "value": "A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2024-04-18T17:35:42.688Z"}, "references": [{"url": "https://support.checkpoint.com/results/sk/sk182219"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-24910", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-25T19:46:15.022279Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:checkpoint:identity_agent:-:*:*:*:*:*:*:*"], "vendor": "checkpoint", "product": "identity_agent", "versions": [{"status": "affected", "version": "0", "lessThan": "R81.070.0000", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkpoint:zonealarm_extreme_security:*:*:*:*:*:*:*:*"], "vendor": "checkpoint", "product": "zonealarm_extreme_security", "versions": [{"status": "affected", "version": "0", "lessThan": "4.2.7", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:43:02.280Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:36:20.218Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.checkpoint.com/results/sk/sk182219", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.checkpoint.com/results/sk/sk182219", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:36:20.218Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-24910", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-25T19:46:15.022279Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:checkpoint:identity_agent:-:*:*:*:*:*:*:*"], "vendor": "checkpoint", "product": "identity_agent", "versions": [{"status": "affected", "version": "0", "lessThan": "R81.070.0000", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkpoint:zonealarm_extreme_security:*:*:*:*:*:*:*:*"], "vendor": "checkpoint", "product": "zonealarm_extreme_security", "versions": [{"status": "affected", "version": "0", "lessThan": "4.2.7", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T19:45:45.084Z"}}], "cna": {"title": "Local privilege escalation in Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server via crafted DLL file", "affected": [{"vendor": "checkpoint", "product": "ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, Identity Agent for Windows Terminal Server", "versions": [{"status": "affected", "version": "ZoneAlarm Extreme Security NextGen - versions lower than 4.2.7, Identity Agent for Windows - versions lower than R81.070.0000, Identity Agent for Windows Terminal Server - versions lower than R81.070.0000"}]}], "references": [{"url": "https://support.checkpoint.com/results/sk/sk182219"}], "descriptions": [{"lang": "en", "value": "A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2024-04-18T17:35:42.688Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24910", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:36:20.218Z", "dateReserved": "2024-02-01T15:19:26.278Z", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "datePublished": "2024-04-18T17:35:42.688Z", "assignerShortName": "checkpoint"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."}, {"lang": "es", "value": "Un atacante local puede escalar privilegios en Check Point ZoneAlarm Extreme Security NextGen, Identity Agent para Windows y Identity Agent para Windows Terminal Server afectados. Para aprovechar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo privilegiado local en el sistema de destino."}], "id": "CVE-2024-24910", "lastModified": "2024-07-03T01:48:29.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-18T18:15:09.197", "references": [{"source": "cve@checkpoint.com", "url": "https://support.checkpoint.com/results/sk/sk182219"}], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "cve@checkpoint.com", "type": "Secondary"}]}

{}