CVE-2020-6024
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| checkpoint | smartconsole | * | cpe:2.3:a:checkpoint:smartconsole:*:*:*:*:*:*:*:* |
| checkpoint | smartconsole | r80.20 | cpe:2.3:a:checkpoint:smartconsole:r80.20:*:*:*:*:*:*:* |
| checkpoint | smartconsole | r80.30 | cpe:2.3:a:checkpoint:smartconsole:r80.30:*:*:*:*:*:*:* |
| checkpoint | smartconsole | r80.40 | cpe:2.3:a:checkpoint:smartconsole:r80.40:*:*:*:*:*:*:* |
| checkpoint | smartconsole | r81 | cpe:2.3:a:checkpoint:smartconsole:r81:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%