CVE-2020-6024

EPSS 0.04%
Published 20.01.2021 19:15:12
Last modified 21.11.2024 05:35:00
Source cve@checkpoint.com
Teams watchlist Login
Open Login

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Checkpoint ≫ Smartconsole Version <= r80.10

Checkpoint ≫ Smartconsole Versionr80.20

Checkpoint ≫ Smartconsole Versionr80.30

Checkpoint ≫ Smartconsole Versionr80.40

Checkpoint ≫ Smartconsole Versionr81

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.101

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://supportcontent.checkpoint.com/solutions?id=sk142952

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-6024

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6024

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6024

EUVD