Lucene search

[email protected]CVE-2020-6020

HistorySep 24, 2020 - 2:15 p.m.

CVE-2020-6020

2020-09-2414:15:13

CWE-20

[email protected]

web.nvd.nist.gov

check point

internal ca

web management

vulnerability

input validation

command execution

privilege escalation

6.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

6.3 Medium

AI Score

Confidence

High

7.4 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:C/I:C/A:P

0.0004 Low

EPSS

Percentile

12.6%

JSON

Check Point Security Management’s Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.

Affected configurations

NVD

Node

checkpointica_management_portalRange<r80.20

checkpointica_management_portalMatchr80.20-

checkpointica_management_portalMatchr80.20take_156

Node

checkpointica_management_portalRange<r80.30

checkpointica_management_portalMatchr80.30-

checkpointica_management_portalMatchr80.30take_200

Node

checkpointica_management_portalRange<r80.40

checkpointica_management_portalMatchr80.40-

Node

checkpointica_management_portalRange<r80.10

checkpointica_management_portalMatchr80.10-

CPENameOperatorVersion
checkpoint:ica_management_portalcheckpoint ica management portalltr80.20

CPE	Name	Operator	Version
checkpoint:ica_management_portal	checkpoint ica management portal	lt	r80.20

CNA Affected

[
  {
    "product": "ICA Management Portal",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before JHFs R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38"
      }
    ]
  }
]

References

supportcontent.checkpoint.com/solutions?id=sk142952

6.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

6.3 Medium

AI Score

Confidence

High

7.4 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:C/I:C/A:P

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-6020

cvelist1 prion1 nvd1