{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24910", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "state": "PUBLISHED", "assignerShortName": "checkpoint", "dateReserved": "2024-02-01T15:19:26.278Z", "datePublished": "2024-04-18T17:35:42.688Z", "dateUpdated": "2024-06-04T17:43:02.280Z"}, "containers": {"cna": {"affected": [{"product": "ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, Identity Agent for Windows Terminal Server", "vendor": "checkpoint", "versions": [{"status": "affected", "version": "ZoneAlarm Extreme Security NextGen - versions lower than 4.2.7, Identity Agent for Windows - versions lower than R81.070.0000, Identity Agent for Windows Terminal Server - versions lower than R81.070.0000"}]}], "title": "Local privilege escalation in Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server via crafted DLL file", "descriptions": [{"lang": "en", "value": "A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2024-04-18T17:35:42.688Z"}, "references": [{"url": "https://support.checkpoint.com/results/sk/sk182219"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-24910", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-25T19:46:15.022279Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:checkpoint:identity_agent:-:*:*:*:*:*:*:*"], "vendor": "checkpoint", "product": "identity_agent", "versions": [{"status": "affected", "version": "0", "lessThan": "R81.070.0000", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:checkpoint:zonealarm_extreme_security:*:*:*:*:*:*:*:*"], "vendor": "checkpoint", "product": "zonealarm_extreme_security", "versions": [{"status": "affected", "version": "0", "lessThan": "4.2.7", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:43:02.280Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."}], "id": "CVE-2024-24910", "lastModified": "2024-04-18T18:25:55.267", "metrics": {}, "published": "2024-04-18T18:15:09.197", "references": [{"source": "cve@checkpoint.com", "url": "https://support.checkpoint.com/results/sk/sk182219"}], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "cve@checkpoint.com", "type": "Secondary"}]}

{}