7.8
CVE-2019-8461
- EPSS 0.16%
- Veröffentlicht 29.08.2019 21:15:11
- Zuletzt bearbeitet 21.11.2024 04:49:56
- Quelle cve@checkpoint.com
- Teams Watchlist Login
- Unerledigt Login
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Checkpoint ≫ Capsule Docs Standalone Client Version < e80.20
Checkpoint ≫ Endpoint Security SwPlatformwindows Version < e81.30
Checkpoint ≫ Remote Access Clients SwPlatformwindows Version < e81.30
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.34 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-114 Process Control
Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.