CVE-2020-6024

EPSS 0.04%
Veröffentlicht 20.01.2021 19:15:12
Zuletzt bearbeitet 21.11.2024 05:35:00
Quelle cve@checkpoint.com
Teams Watchlist Login
Unerledigt Login

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Checkpoint ≫ Smartconsole Version <= r80.10

Checkpoint ≫ Smartconsole Versionr80.20

Checkpoint ≫ Smartconsole Versionr80.30

Checkpoint ≫ Smartconsole Versionr80.40

Checkpoint ≫ Smartconsole Versionr81

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.101

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://supportcontent.checkpoint.com/solutions?id=sk142952

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-6024

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6024

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6024

EUVD