Vulnerabilites related to Check Point - Check Point Endpoint Security Client for Windows
CVE-2019-8454 (GCVE-0-2019-8454)
Vulnerability from cvelistv5
Published
2019-04-29 15:10
Modified
2024-08-04 21:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-65 - ,CWE-377
Summary
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Check Point | Check Point Endpoint Security client for Windows |
Version: before E80.96 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk150012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Endpoint Security client for Windows",
"vendor": "Check Point",
"versions": [
{
"status": "affected",
"version": "before E80.96"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-65",
"description": "CWE-65,CWE-377",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T15:10:15",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk150012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2019-8454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Endpoint Security client for Windows",
"version": {
"version_data": [
{
"version_value": "before E80.96"
}
]
}
}
]
},
"vendor_name": "Check Point"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-65,CWE-377"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk150012",
"refsource": "MISC",
"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk150012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2019-8454",
"datePublished": "2019-04-29T15:10:15",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:17:31.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8463 (GCVE-0-2019-8463)
Vulnerability from cvelistv5
Published
2019-12-23 18:18
Modified
2024-08-04 21:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Check Point | Check Point Endpoint Security Client for Windows |
Version: before E82.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk163578"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Endpoint Security Client for Windows",
"vendor": "Check Point",
"versions": [
{
"status": "affected",
"version": "before E82.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-23T18:18:50",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk163578"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2019-8463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Endpoint Security Client for Windows",
"version": {
"version_data": [
{
"version_value": "before E82.10"
}
]
}
}
]
},
"vendor_name": "Check Point"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcontent.checkpoint.com/solutions?id=sk163578",
"refsource": "CONFIRM",
"url": "https://supportcontent.checkpoint.com/solutions?id=sk163578"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2019-8463",
"datePublished": "2019-12-23T18:18:50",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:17:31.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}