Lucene search

[email protected]NVD:CVE-2020-6020

HistorySep 24, 2020 - 2:15 p.m.

CVE-2020-6020

2020-09-2414:15:13

CWE-20

[email protected]

web.nvd.nist.gov

check point security management

internal ca

web management

vulnerability

weak input validation

high privileged user

manipulation

crash

CVSS2

7.4

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:C/I:C/A:P

CVSS3

6.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS

Percentile

12.6%

JSON

Check Point Security Management’s Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.

Affected configurations

Nvd

Node

checkpointica_management_portalRange<r80.20

checkpointica_management_portalMatchr80.20-

checkpointica_management_portalMatchr80.20take_156

Node

checkpointica_management_portalRange<r80.30

checkpointica_management_portalMatchr80.30-

checkpointica_management_portalMatchr80.30take_200

Node

checkpointica_management_portalRange<r80.40

checkpointica_management_portalMatchr80.40-

Node

checkpointica_management_portalRange<r80.10

checkpointica_management_portalMatchr80.10-

VendorProductVersionCPE
checkpointica_management_portal*cpe:2.3:a:checkpoint:ica_management_portal:*:*:*:*:*:*:*:*
checkpointica_management_portalr80.20cpe:2.3:a:checkpoint:ica_management_portal:r80.20:-:*:*:*:*:*:*
checkpointica_management_portalr80.20cpe:2.3:a:checkpoint:ica_management_portal:r80.20:take_156:*:*:*:*:*:*
checkpointica_management_portalr80.30cpe:2.3:a:checkpoint:ica_management_portal:r80.30:-:*:*:*:*:*:*
checkpointica_management_portalr80.30cpe:2.3:a:checkpoint:ica_management_portal:r80.30:take_200:*:*:*:*:*:*
checkpointica_management_portalr80.40cpe:2.3:a:checkpoint:ica_management_portal:r80.40:-:*:*:*:*:*:*
checkpointica_management_portalr80.10cpe:2.3:a:checkpoint:ica_management_portal:r80.10:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
checkpoint	ica_management_portal	*	cpe:2.3:a:checkpoint:ica_management_portal::::::::
checkpoint	ica_management_portal	r80.20	cpe:2.3:a:checkpoint:ica_management_portal:r80.20:-::::::
checkpoint	ica_management_portal	r80.20	cpe:2.3:a:checkpoint:ica_management_portal:r80.20:take_156::::::
checkpoint	ica_management_portal	r80.30	cpe:2.3:a:checkpoint:ica_management_portal:r80.30:-::::::
checkpoint	ica_management_portal	r80.30	cpe:2.3:a:checkpoint:ica_management_portal:r80.30:take_200::::::
checkpoint	ica_management_portal	r80.40	cpe:2.3:a:checkpoint:ica_management_portal:r80.40:-::::::
checkpoint	ica_management_portal	r80.10	cpe:2.3:a:checkpoint:ica_management_portal:r80.10:-::::::

References

supportcontent.checkpoint.com/solutions?id=sk142952

CVSS2

7.4

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:C/I:C/A:P

CVSS3

6.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2020-6020

cvelist1 prion1 cve1