CheckpointCVE-2019-8458CVE-2019-8458
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
34.6%
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| checkpoint | endpoint_security_clients | * | cpe:2.3:a:checkpoint:endpoint_security_clients:*:*:*:*:*:windows:*:* |
| checkpoint | remote_access_clients | * | cpe:2.3:a:checkpoint:remote_access_clients:*:*:*:*:*:windows:*:* |
| checkpoint | capsule_docs | * | cpe:2.3:a:checkpoint:capsule_docs:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Check Point Endpoint Security Client for Windows, Anti-Malware blade",
"vendor": "Check Point",
"versions": [
{
"status": "affected",
"version": "before E81.00"
}
]
}
]Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
34.6%