PT-2020-18888 · Microsoft+1 · Windows+1

Published

2020-07-02

Updated

2020-07-13

CVE-2020-6013

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ZoneAlarm Firewall and Antivirus products versions prior to 15.8.109.18436

Description The issue allows an attacker with existing system access to execute code at elevated privileges. This is achieved through a combination of file permission manipulation and exploitation of a Windows vulnerability on unpatched systems.

Recommendations For versions prior to 15.8.109.18436, update to version 15.8.109.18436 or later to resolve the issue. As a temporary workaround, consider restricting file system permissions to minimize the risk of exploitation. Additionally, ensure that the Windows system is fully patched to prevent exploitation of related Windows vulnerabilities.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-65CWE-269

Related Identifiers

CVE-2020-6013

ZDI-20-803

Affected Products

Windows

Zonealarm Firewall/Antivirus

PT-2020-18888 · Microsoft+1 · Windows+1

CVE-2020-6013

Weakness Enumeration

Related Identifiers

Affected Products

References · 5