CVE-2019-8458

EPSS 0.47%
Veröffentlicht 20.06.2019 17:15:10
Zuletzt bearbeitet 21.11.2024 04:49:56
Quelle cve@checkpoint.com
Teams Watchlist Login
Unerledigt Login

Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Checkpoint ≫ Endpoint Security Clients SwPlatformwindows Version < e81.00

Checkpoint ≫ Remote Access Clients SwPlatformwindows Version < e81.00

Checkpoint ≫ Capsule Docs Version < e81.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.639

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	0.7	3.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk153053

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-8458

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-8458

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-8458

EUVD