CVE-2019-8459

🗓️ 20 Jun 2019 16:50:58Reported by checkpointType

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one

Reporter	Title	Published	Views	Family All 6
CNVD	Unspecified Vulnerability in Check Point Endpoint Security Clien	24 Jun 201900:00	–	cnvd
Cvelist	CVE-2019-8459	20 Jun 201916:50	–	cvelist
EUVD	EUVD-2019-17849	7 Oct 202500:30	–	euvd
NVD	CVE-2019-8459	20 Jun 201917:15	–	nvd
Prion	Code injection	20 Jun 201917:15	–	prion
RedhatCVE	CVE-2019-8459	22 May 202508:54	–	redhatcve

NVD

Node

checkpoint jumbo_hotfix_for_endpoint_security_serverRange<r77.30

Node

checkpoint endpoint_security_server_packageRange<r77.30.03gaia

Node

checkpoint smartconsole_for_endpoint_security_serverRange<r77.30.03

checkpoint smartconsole_for_endpoint_security_serverMatche80.83

Node

checkpoint endpoint_security_clientsRange<e80.83windows

Node

checkpoint remote_access_clientsRange<e80.83windows

Node

checkpoint capsule_docs_standalone_clientRange<e80.82

[
  {
    "product": "Check Point Endpoint Security Client for Windows, VPN blade",
    "vendor": "Check Point",
    "versions": [
      {
        "status": "affected",
        "version": "before E80.83"
      }
    ]
  }
]

Source	Link
supportcenter	www.supportcenter.checkpoint.com/supportcenter/portal

21 Nov 2024 04:49Current

9.2High risk

Vulners AI Score9.2

CVSS 27.5

CVSS 39.8

EPSS0.00504

CWE-428