Vulnerabilites related to checkpoint - remote_access_clients
CVE-2019-8458 (GCVE-0-2019-8458)
Vulnerability from cvelistv5
Published
2019-06-20 16:44
Modified
2024-08-04 21:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Check Point | Check Point Endpoint Security Client for Windows, Anti-Malware blade |
Version: before E81.00 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk153053"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Endpoint Security Client for Windows, Anti-Malware blade",
"vendor": "Check Point",
"versions": [
{
"status": "affected",
"version": "before E81.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-20T16:44:33",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk153053"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2019-8458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Endpoint Security Client for Windows, Anti-Malware blade",
"version": {
"version_data": [
{
"version_value": "before E81.00"
}
]
}
}
]
},
"vendor_name": "Check Point"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-114"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk153053",
"refsource": "CONFIRM",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk153053"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2019-8458",
"datePublished": "2019-06-20T16:44:33",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:17:31.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8459 (GCVE-0-2019-8459)
Vulnerability from cvelistv5
Published
2019-06-20 16:50
Modified
2024-08-04 21:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Check Point | Check Point Endpoint Security Client for Windows, VPN blade |
Version: before E80.83 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk124972#Resolved%20Issues"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Endpoint Security Client for Windows, VPN blade",
"vendor": "Check Point",
"versions": [
{
"status": "affected",
"version": "before E80.83"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-20T16:50:58",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk124972#Resolved%20Issues"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2019-8459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Endpoint Security Client for Windows, VPN blade",
"version": {
"version_data": [
{
"version_value": "before E80.83"
}
]
}
}
]
},
"vendor_name": "Check Point"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk124972#Resolved%20Issues",
"refsource": "CONFIRM",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk124972#Resolved%20Issues"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2019-8459",
"datePublished": "2019-06-20T16:50:58",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:17:31.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8461 (GCVE-0-2019-8461)
Vulnerability from cvelistv5
Published
2019-08-29 20:41
Modified
2024-08-04 21:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-114 - Process Control
Summary
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Check Point Endpoint Security Initial Client for Windows |
Version: before version E81.30 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk160812"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Endpoint Security Initial Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version E81.30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114: Process Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T19:36:06",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk160812"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2019-8461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Endpoint Security Initial Client for Windows",
"version": {
"version_data": [
{
"version_value": "before version E81.30"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-114: Process Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk160812",
"refsource": "MISC",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk160812"
},
{
"name": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM",
"refsource": "MISC",
"url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2019-8461",
"datePublished": "2019-08-29T20:41:54",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:17:31.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2753 (GCVE-0-2012-2753)
Vulnerability from cvelistv5
Published
2012-06-19 20:00
Modified
2024-09-16 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-19T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
},
{
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480",
"refsource": "CONFIRM",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2753",
"datePublished": "2012-06-19T20:00:00Z",
"dateReserved": "2012-05-15T00:00:00Z",
"dateUpdated": "2024-09-16T23:45:33.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-08-29 21:15
Modified
2024-11-21 04:49
Severity ?
Summary
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | capsule_docs_standalone_client | * | |
| checkpoint | endpoint_security | * | |
| checkpoint | remote_access_clients | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:capsule_docs_standalone_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D79F85-DC49-456B-BFB8-5E303F8A0E8D",
"versionEndExcluding": "e80.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_security:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "27BB2058-E39A-4830-A351-B1D544C17E5C",
"versionEndExcluding": "e81.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:remote_access_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EF0F072B-5EF9-406B-9647-A300C7CD79F0",
"versionEndExcluding": "e81.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user."
},
{
"lang": "es",
"value": "Check Point Endpoint Security Initial Client para Windows versi\u00f3n anterior a E81.30, intenta cargar una biblioteca DLL localizada en cualquier ubicaci\u00f3n de RUTA (PATH) en una imagen limpia sin el Endpoint Client instalado. Un atacante puede aprovechar esto para conseguir LPE usando una DLL especialmente dise\u00f1ada localizada en cualquier ubicaci\u00f3n de RUTA (PATH) accesible con permisos de escritura para el usuario."
}
],
"id": "CVE-2019-8461",
"lastModified": "2024-11-21T04:49:56.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T21:15:11.400",
"references": [
{
"source": "cve@checkpoint.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"
},
{
"source": "cve@checkpoint.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk160812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk160812"
}
],
"sourceIdentifier": "cve@checkpoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-114"
}
],
"source": "cve@checkpoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-19 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | endpoint_connect | r73 | |
| checkpoint | endpoint_security | e80 | |
| checkpoint | endpoint_security | e80.10 | |
| checkpoint | endpoint_security | e80.20 | |
| checkpoint | endpoint_security | e80.30 | |
| checkpoint | endpoint_security | r73 | |
| checkpoint | endpoint_security_vpn | r75 | |
| checkpoint | remote_access_clients | e75 | |
| checkpoint | remote_access_clients | e75.10 | |
| checkpoint | remote_access_clients | e75.20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_connect:r73:*:*:*:*:*:*:*",
"matchCriteriaId": "1153CE1D-5228-484C-97A5-A8DC2810638C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_security:e80:-:vpn_blade:*:*:*:*:*",
"matchCriteriaId": "411DFCC1-0B71-456C-833F-4D423AAE67FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_security:e80.10:-:vpn_blade:*:*:*:*:*",
"matchCriteriaId": "25E330FE-2BCB-4887-BDF7-5956C3ADA26A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_security:e80.20:-:vpn_blade:*:*:*:*:*",
"matchCriteriaId": "B562E6A4-65AB-4139-B497-9D3D5BE51E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_security:e80.30:-:vpn_blade:*:*:*:*:*",
"matchCriteriaId": "5A1E05B2-8FB6-4694-8AE8-24FAEE1C632B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_security:r73:*:*:*:*:*:*:*",
"matchCriteriaId": "020E1329-9D13-421D-8475-BB7F159DB82C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_security_vpn:r75:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC71EAB-E222-4E73-97F6-29975093A1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:remote_access_clients:e75:*:*:*:*:*:*:*",
"matchCriteriaId": "52DEDD86-1972-484E-8D2F-7EDAB8FFCFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:remote_access_clients:e75.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9B14BF3D-4D60-4775-8392-6CD322A88414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:remote_access_clients:e75.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6B60FE-0662-4208-9A24-5E21118CC4FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en TrGUI.exe en el Endpoint Connect (aka EPC) GUI en Check Point Endpoint Security R73.x y E80.x en la plataforma VPN blade, Endpoint Security VPN R75, Endpoint Connect R73.x, y Remote Access Clients E75.x permite a usuarios locales conseguir privilegios a trav\u00e9s de un caballo de Troya DLL en el directorio de trabajo actual."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
"id": "CVE-2012-2753",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-06-19T20:55:07.037",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-20 17:15
Modified
2024-11-21 04:49
Severity ?
Summary
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| checkpoint | endpoint_security_clients | * | |
| checkpoint | remote_access_clients | * | |
| checkpoint | capsule_docs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_security_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "20B71150-CFB6-4B2F-8E0C-98669FE2879D",
"versionEndExcluding": "e81.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:remote_access_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "55B9134F-F1A6-4E0F-B492-5233455DD32A",
"versionEndExcluding": "e81.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:capsule_docs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8869EF-94AF-4E04-B3BB-2106D31CE922",
"versionEndExcluding": "e81.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate."
},
{
"lang": "es",
"value": "Check Point Endpoint Security Client para Windows, con Anti-Malware blade instalado, anterior a versi\u00f3n E81.00, intenta cargar una DLL inexistente durante una actualizaci\u00f3n iniciada por la interfaz de usuario. Un atacante con privilegios de administrador puede aprovechar esto para conseguir la ejecuci\u00f3n de c\u00f3digo dentro de un binario firmado por Check Point Software Technologies, donde bajo ciertas circunstancias puede hacer que el cliente finalice."
}
],
"id": "CVE-2019-8458",
"lastModified": "2024-11-21T04:49:56.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-20T17:15:10.643",
"references": [
{
"source": "cve@checkpoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk153053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk153053"
}
],
"sourceIdentifier": "cve@checkpoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-114"
}
],
"source": "cve@checkpoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-20 17:15
Modified
2024-11-21 04:49
Severity ?
Summary
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:jumbo_hotfix_for_endpoint_security_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "369F9CB7-A059-42A5-BA78-A80C64C24978",
"versionEndExcluding": "r77.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_security_server_package:*:*:*:*:gaia:*:*:*",
"matchCriteriaId": "34572CB5-A664-4901-B9E8-1FF840D9CCEF",
"versionEndExcluding": "r77.30.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:smartconsole_for_endpoint_security_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAFC0759-E7ED-4C82-94AA-9E150DEFB50B",
"versionEndExcluding": "r77.30.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:checkpoint:smartconsole_for_endpoint_security_server:e80.83:*:*:*:*:*:*:*",
"matchCriteriaId": "7614E411-B614-4E8F-8789-A0191018292E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:endpoint_security_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F97D8F59-C7EF-4797-ABBA-803043E7FFA8",
"versionEndExcluding": "e80.83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:remote_access_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "987EBF1C-5FFF-4078-8021-6C80BE631D79",
"versionEndExcluding": "e80.83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:checkpoint:capsule_docs_standalone_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AAAC4FF-BD33-4658-8813-B00D2918CBB0",
"versionEndExcluding": "e80.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one."
},
{
"lang": "es",
"value": "Check Point Endpoint Security Client para Windows, con el VPN blade, anterior a versi\u00f3n E80.83, inicia un proceso sin usar comillas en la ruta (path). Esto puede causar la carga de un ejecutable previamente colocado con un nombre similar a las partes de la path, en lugar de uno deseado."
}
],
"id": "CVE-2019-8459",
"lastModified": "2024-11-21T04:49:56.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-20T17:15:10.707",
"references": [
{
"source": "cve@checkpoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk124972#Resolved%20Issues"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk124972#Resolved%20Issues"
}
],
"sourceIdentifier": "cve@checkpoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "cve@checkpoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}