Lucene search

[email protected]NVD:CVE-2019-8459

HistoryJun 20, 2019 - 5:15 p.m.

CVE-2019-8459

2019-06-2017:15:10

CWE-428

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.

Affected configurations

Nvd

Node

checkpointjumbo_hotfix_for_endpoint_security_serverRange<r77.30

Node

checkpointendpoint_security_server_packageRange<r77.30.03gaia

Node

checkpointsmartconsole_for_endpoint_security_serverRange<r77.30.03

checkpointsmartconsole_for_endpoint_security_serverMatche80.83

Node

checkpointendpoint_security_clientsRange<e80.83windows

Node

checkpointremote_access_clientsRange<e80.83windows

Node

checkpointcapsule_docs_standalone_clientRange<e80.82

VendorProductVersionCPE
checkpointjumbo_hotfix_for_endpoint_security_server*cpe:2.3:a:checkpoint:jumbo_hotfix_for_endpoint_security_server:*:*:*:*:*:*:*:*
checkpointendpoint_security_server_package*cpe:2.3:a:checkpoint:endpoint_security_server_package:*:*:*:*:gaia:*:*:*
checkpointsmartconsole_for_endpoint_security_server*cpe:2.3:a:checkpoint:smartconsole_for_endpoint_security_server:*:*:*:*:*:*:*:*
checkpointsmartconsole_for_endpoint_security_servere80.83cpe:2.3:a:checkpoint:smartconsole_for_endpoint_security_server:e80.83:*:*:*:*:*:*:*
checkpointendpoint_security_clients*cpe:2.3:a:checkpoint:endpoint_security_clients:*:*:*:*:*:windows:*:*
checkpointremote_access_clients*cpe:2.3:a:checkpoint:remote_access_clients:*:*:*:*:*:windows:*:*
checkpointcapsule_docs_standalone_client*cpe:2.3:a:checkpoint:capsule_docs_standalone_client:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
checkpoint	jumbo_hotfix_for_endpoint_security_server	*	cpe:2.3:a:checkpoint:jumbo_hotfix_for_endpoint_security_server::::::::
checkpoint	endpoint_security_server_package	*	cpe:2.3:a:checkpoint:endpoint_security_server_package:::::gaia:::*
checkpoint	smartconsole_for_endpoint_security_server	*	cpe:2.3:a:checkpoint:smartconsole_for_endpoint_security_server::::::::
checkpoint	smartconsole_for_endpoint_security_server	e80.83	cpe:2.3:a:checkpoint:smartconsole_for_endpoint_security_server:e80.83:::::::*
checkpoint	endpoint_security_clients	*	cpe:2.3:a:checkpoint:endpoint_security_clients::::::windows::*
checkpoint	remote_access_clients	*	cpe:2.3:a:checkpoint:remote_access_clients::::::windows::*
checkpoint	capsule_docs_standalone_client	*	cpe:2.3:a:checkpoint:capsule_docs_standalone_client::::::::

References

supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk124972#Resolved%20Issues

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Related for NVD:CVE-2019-8459

prion1 cvelist1 cve1