Lucene search
K
CheckpointEndpoint Security

14 matches found

CVE
CVE
added 2022/07/07 3:51 p.m.118 views

CVE-2022-23744

Check Point Endpoint Security Client (before version E86.50) is affected by CVE-2022-23744 due to an unprotected registry change that lets a local administrator disable endpoint protection. Root cause: protection logic does not guard against specific registry modifications. Impact: local privileg...

2.3CVSS3.8AI score0.0435EPSS
CVE
CVE
added 2019/08/29 8:41 p.m.117 views

CVE-2019-8461

CVE-2019-8461 – Check Point Endpoint Security Initial Client for Windows is a local privilege escalation vulnerability affecting versions prior to E81.30. The issue arises when the client loads a DLL placed in any PATH location on a clean image without the Endpoint Client installed, allowing an a...

7.8CVSS7.7AI score0.01124EPSS
CVE
CVE
added 2022/05/12 7:23 p.m.117 views

CVE-2022-23742

Affected software: Check Point Endpoint Security Client for Windows (versions earlier than E86.40). Vulnerability details: The EFRService copies forensics report files from a directory with insufficient privileges, allowing a local attacker to replace those files with malicious or linked content,...

7.8CVSS7.4AI score0.04076EPSS
CVE
CVE
added 2019/04/22 9:43 p.m.115 views

CVE-2019-8452

CVE-2019-8452 describes a local privilege escalation in Check Point ZoneAlarm up to v15.4.062 and Check Point Endpoint Security Client for Windows prior to E80.96. A hard-link created from the log file archive to any file on the system changes the target file’s permissions, allowing access to all...

7.8CVSS7.4AI score0.01038EPSS
CVE
CVE
added 2012/06/19 8:0 p.m.98 views

CVE-2012-2753

CVE-2012-2753 involves an untrusted DLL search path vulnerability in Check Point Endpoint Connect VPN components (R73.x/E80.x VPN blade, R75 VPN, R73.x/E80.x Endpoint Connect, E75.x Remote Access Clients). The root cause is insecure library loading: a Trojan horse DLL placed in the current workin...

6.9CVSS6.7AI score0.00399EPSS
CVE
CVE
added 2013/11/30 11:0 a.m.87 views

CVE-2013-5635

Affected software : Media Encryption EPM Explorer in Check Point Endpoint Security (through E80.50). Issue : a weakness in how password failure state is maintained, enabling bypass of the device-lock protection by running multiple Unlock.exe processes concurrently. Impact : local, physically prox...

3.3CVSS6.9AI score0.00207EPSS
CVE
CVE
added 2013/11/30 11:0 a.m.81 views

CVE-2013-5636

The CVE-2013-5636 issue affects Check Point Endpoint Security (E80.50) with Media Encryption EPM Explorer’s Unlock.exe. The root cause is that password failure events are not associated with a device ID, enabling physically proximate attackers to bypass device-lock protection by overwriting DVREM...

3.3CVSS6.8AI score0.00196EPSS
CVE
CVE
added 2023/07/23 9:7 a.m.69 views

CVE-2023-28133

CVE-2023-28133 relates to a local privilege escalation in Check Point Endpoint Security Client (E87.30). The root cause is a flaw involving a crafted OpenSSL configuration file that allows a low-privilege user (Users group) to elevate privileges via affected components (e.g., TracSrvWrapper.exe, ...

7.8CVSS7.7AI score0.05701EPSS
CVE
CVE
added 2020/12/03 1:31 p.m.57 views

CVE-2020-6021

CVE-2020-6021 affects Check Point Endpoint Security Client for Windows prior to version E84.20. The vulnerability arises because the MS Installer repair process runs with the client’s privileges and allows normal users to trigger an installation repair, enabling placement of a crafted DLL in the ...

7.8CVSS7.5AI score0.003EPSS
CVE
CVE
added 2022/01/07 10:39 p.m.53 views

CVE-2021-30360

The CVE-2021-30360 entry describes a local, privilege-escalation risk tied to Windows Installer repairs. An attacker with local access can trigger a repair process and place a crafted executable in the repair folder, which then runs with the privileges of the Check Point Remote Access Client. CVS...

7.8CVSS7.5AI score0.0057EPSS
CVE
CVE
added 2019/04/29 3:10 p.m.52 views

CVE-2019-8454

CVE-2019-8454 concerns the Check Point Endpoint Security client for Windows pre-E80.96. A local attacker can create a hard-link between a file the client writes to and another BAT file, then impersonate the WPAD server to inject BAT commands into that file. Those commands may later execute under ...

7CVSS6.8AI score0.00326EPSS
CVE
CVE
added 2023/11/12 10:36 p.m.50 views

CVE-2023-28134

The CVE-2023-28134 issue affects Check Point Harmony Endpoint / ZoneAlarm Extreme Security. A local attacker who can run low-privilege code can escalate to SYSTEM via the Remediation Service vulnerability. Public fixes are available: Check Point Endpoint Security E87.10 Windows clients and ZoneAl...

7.8CVSS7.8AI score0.00239EPSS
CVE
CVE
added 2020/10/30 2:22 p.m.48 views

CVE-2020-6014

Check Point Endpoint Security Client for Windows (before vE83.20) is affected: loading a non-existent DLL during a Domain Name query can allow an administrator to execute code within a Check Point signed binary, with potential client termination. The vulnerability is described across CVE-2020-601...

6.5CVSS6.9AI score0.00372EPSS
CVE
CVE
added 2020/11/05 7:37 p.m.41 views

CVE-2020-6015

CVE-2020-6015 affects Check Point Endpoint Security for Windows prior to E84.10. The vulnerability is a denial of service that can occur during a clean install of the client and results in the inability to store service log files in non-standard locations. The available connected documents reiter...

5.5CVSS5.5AI score0.00338EPSS