CVE-2020-6014

EPSS 0.11%
Published 02.11.2020 21:15:34
Last modified 21.11.2024 05:34:59
Source cve@checkpoint.com
Teams watchlist Login
Open Login

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Checkpoint ≫ Endpoint Security SwPlatformwindows Version < e83.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.268

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	0.6	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://supportcontent.checkpoint.com/solutions?id=sk168081

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-6014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6014

EUVD