Endpoint Security@* Security Vulnerabilities and Issues — Endpoint Security@* CVE List

CheckpointEndpoint Security*

7 matches found

CVE•added 2019/08/29 8:41 p.m.•111 views

CVE-2019-8461

CVE-2019-8461 – Check Point Endpoint Security Initial Client for Windows is a local privilege escalation vulnerability affecting versions prior to E81.30. The issue arises when the client loads a DLL placed in any PATH location on a clean image without the Endpoint Client installed, allowing an a...

7.8CVSS7.7AI score0.00164EPSS

CVE•added 2022/05/12 7:23 p.m.•104 views

CVE-2022-23742

Affected software: Check Point Endpoint Security Client for Windows (versions earlier than E86.40). Vulnerability details: The EFRService copies forensics report files from a directory with insufficient privileges, allowing a local attacker to replace those files with malicious or linked content,...

7.8CVSS7.4AI score0.00354EPSS

CVE•added 2019/04/22 9:43 p.m.•102 views

CVE-2019-8452

CVE-2019-8452 describes a local privilege escalation in Check Point ZoneAlarm up to v15.4.062 and Check Point Endpoint Security Client for Windows prior to E80.96. A hard-link created from the log file archive to any file on the system changes the target file’s permissions, allowing access to all...

7.8CVSS7.4AI score0.00211EPSS

CVE•added 2020/12/03 1:31 p.m.•49 views

CVE-2020-6021

CVE-2020-6021 affects Check Point Endpoint Security Client for Windows prior to version E84.20. The vulnerability arises because the MS Installer repair process runs with the client’s privileges and allows normal users to trigger an installation repair, enabling placement of a crafted DLL in the ...

7.8CVSS7.5AI score0.00058EPSS

CVE•added 2019/04/29 3:10 p.m.•46 views

CVE-2019-8454

CVE-2019-8454 concerns the Check Point Endpoint Security client for Windows pre-E80.96. A local attacker can create a hard-link between a file the client writes to and another BAT file, then impersonate the WPAD server to inject BAT commands into that file. Those commands may later execute under ...

7CVSS6.8AI score0.00033EPSS

CVE•added 2022/01/07 10:39 p.m.•43 views

CVE-2021-30360

The CVE-2021-30360 entry describes a local, privilege-escalation risk tied to Windows Installer repairs. An attacker with local access can trigger a repair process and place a crafted executable in the repair folder, which then runs with the privileges of the Check Point Remote Access Client. CVS...

7.8CVSS7.5AI score0.00127EPSS

CVE•added 2020/10/30 2:22 p.m.•39 views

CVE-2020-6014

Check Point Endpoint Security Client for Windows (before vE83.20) is affected: loading a non-existent DLL during a Domain Name query can allow an administrator to execute code within a Check Point signed binary, with potential client termination. The vulnerability is described across CVE-2020-601...

6.5CVSS6.9AI score0.00113EPSS