CVE-2024-46467
📋 TL;DR
ZONEPOINT for Windows has insecure default folder permissions that allow other users to access technical files. This could enable privilege escalation by modifying files to execute tasks with higher privileges. All users running ZONEPOINT for Windows with default configuration are affected.
💻 Affected Systems
- ZONEPOINT for Windows
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative privileges on the system, leading to complete system compromise, data theft, or ransomware deployment.
Likely Case
Local users escalate privileges to perform unauthorized administrative actions or access sensitive data.
If Mitigated
Limited impact with proper folder permissions and access controls in place.
🎯 Exploit Status
Exploitation requires local access to the system and knowledge of ZONEPOINT folder structure. No public exploit code identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.1 or later (post-fix version)
Vendor Advisory: https://www.primx.eu/en/bulletins/security-bulletin-24932299/
Restart Required: Yes
Instructions:
1. Download latest ZONEPOINT version from vendor. 2. Install update following vendor instructions. 3. Restart system to apply changes. 4. Verify folder permissions are properly configured.
🔧 Temporary Workarounds
Restrict ZONEPOINT Folder Permissions
windowsManually modify folder permissions to restrict access to authorized users only.
icacls "C:\Program Files\ZONEPOINT\" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" /grant:r "Administrators:(OI)(CI)F" /grant:r "<AuthorizedUser>:(OI)(CI)RX"
🧯 If You Can't Patch
- Apply strict folder permissions to ZONEPOINT directories using Windows ACLs
- Implement least privilege access controls and monitor for unauthorized file access attempts
🔍 How to Verify
Check if Vulnerable:
Check ZONEPOINT folder permissions: icacls "C:\Program Files\ZONEPOINT\" - If 'Everyone' or 'Users' group has write/modify permissions, system is vulnerable.Check Version:
Check ZONEPOINT version in Control Panel > Programs and Features or via vendor documentationVerify Fix Applied:
Verify folder permissions are restricted: icacls "C:\Program Files\ZONEPOINT\" should show only SYSTEM, Administrators, and authorized users with appropriate permissions.📡 Detection & Monitoring
Log Indicators:
- Windows Security Event ID 4663 (File system access) showing unauthorized access to ZONEPOINT folders
- Unexpected privilege escalation events
- Modifications to ZONEPOINT technical files
Network Indicators:
- Not applicable - local privilege escalation
SIEM Query:
EventID=4663 AND ObjectName LIKE "%ZONEPOINT%" AND SubjectUserName NOT IN ("SYSTEM", "Administrator", <authorized_users>)