CVE-2019-8458

Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software...

CVE-2024-24912 Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file

A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system...

CVE-2024-24912 Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file

A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system...

CVE-2024-24912

The CVE-2024-24912 issue affects Harmony Endpoint Security Client for Windows versions E88.10 and earlier. A local privilege escalation arises from manipulating a COM object to load a specially crafted DLL, requiring the attacker to first obtain local privileged code execution. Impact is defined ...

Apple macOS Security Breach

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Sonoma version 14.1, which stems from an application that may cause a denial of service to an Endpoint Security client...

Apple macOS Ventura Security Vulnerability

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13, which originates from an application that may cause a denial of service to an Endpoint Security client...

Design/Logic Flaw

Local privilege escalation in Check Point Endpoint Security Client version E87.30 via crafted OpenSSL configuration file...

CVE-2023-28133

CVE-2023-28133 relates to a local privilege escalation in Check Point Endpoint Security Client (E87.30). The root cause is a flaw involving a crafted OpenSSL configuration file that allows a low-privilege user (Users group) to elevate privileges via affected components (e.g., TracSrvWrapper.exe, ...

Check Point Endpoint Security Client 安全漏洞

Check Point Endpoint Security Client is an endpoint security protection software from Check Point, Israel. A security vulnerability exists in Check Point Endpoint Security Client version E87.30, which originated from a vulnerability that allows an attacker to perform a local privilege escalation ...

PT-2023-3999 · Check Point · Check Point Endpoint Security Client

Name of the Vulnerable Software and Affected Versions: Check Point Endpoint Security Client version E87.30 Description: The issue is related to a local privilege escalation in Check Point Endpoint Security Client. It is caused by incorrect permission assignment for a critical resource. Exploitati...

Check Point Response to CVE-2023-28133 - Local privilege escalation in Check Point Endpoint Security Client via crafted OpenSSL configuration file

Symptoms - Local privilege escalation in Check Point Endpoint Security Client. Affected versions: E87.30 and lower, including all E86.x clients. Affected clients: Standalone Remote Access VPN clients, Endpoint Security Clients with Remote Access VPN enabled. Affected processes: TracSrvWrapper.exe...

Vulnerability fixed in Check Point Endpoint Security Client

Check Point has fixed a vulnerability in Check Point Endpoint Security Client for Windows. A local malicious agent could exploit the vulnerability to obtain elevated privileges and then execute arbitrary code under those privileges. To do so, the malicious party must place rogue files in a...

Design/Logic Flaw

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links...

Check Point Endpoint Security Client后置链接漏洞

Check Point Endpoint Security Client is an endpoint security protection software from Check Point, Israel. A security vulnerability exists in Check Point Endpoint Security Client that originates from the ability to copy from a low-privilege directory to a high-privilege directory, which could all...

Check Point Response to CVE-2022-23742 - local privileges escalation in Endpoint Security Client's EFRService

Symptoms - The EFRService, which collects forensics data for various blades for the Check Point Endpoint Security Client for Windows, copies files for forensics reports from a directory with insufficient privileges. A local attacker can replace those files with malicious or linked content, which...

Check Point Endpoint Security Client Backlink Vulnerability

Check Point Endpoint Security Client is an endpoint security protection software from Check Point Israel. A backlink vulnerability exists in versions of Check Point Endpoint Security Client prior to E82.10 for Windows-based platforms. The vulnerability originates from a network system or product...

Denial of service

A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations...

CVE-2019-8463

A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations...

CVE-2019-8458

Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software...

CVE-2019-8454

A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the syste...