Details of VAR-201904-0202

ID

VAR-201904-0202

CVE

CVE-2019-8454

TITLE

Check Point Endpoint Security client Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-004097

DESCRIPTION

A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. Check Point Endpoint Security client Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Checkpoint Endpoint Security Client for Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Versions prior to Checkpoint Endpoint Security Client E80.96 for Windows are vulnerable. Check Point Endpoint Security is a set of terminal security protection software from Israel Check Point Company

Trust: 1.98

sources: NVD: CVE-2019-8454 // JVNDB: JVNDB-2019-004097 // BID: 108689 // VULHUB: VHN-159889

AFFECTED PRODUCTS

vendor:	checkpoint	model:	endpoint security	scope:	lt	version:	e80.96	Trust: 1.0
vendor:	check point	model:	endpoint security	scope:	lt	version:	e80.96 (windows)	Trust: 0.8
vendor:	checkpoint	model:	endpoint security e80.95	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.94	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.92	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.90	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.89	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.88	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.87	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.86	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.85	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.84	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.83	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.82	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.81	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.80	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.72	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.71	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.70	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.65	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.64	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.62	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.61	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.60	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.51	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.50	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.42	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.41	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.40	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.32	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.30	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.20	scope:	-	version:	-	Trust: 0.3
vendor:	checkpoint	model:	endpoint security e80.96	scope:	ne	version:	-	Trust: 0.3

sources: BID: 108689 // JVNDB: JVNDB-2019-004097 // NVD: CVE-2019-8454

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8454
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-8454
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201904-1317
value:	HIGH
Trust: 0.6
VULHUB:	VHN-159889
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8454
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-159889
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8454
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-8454
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-159889 // JVNDB: JVNDB-2019-004097 // CNNVD: CNNVD-201904-1317 // NVD: CVE-2019-8454

PROBLEMTYPE DATA

problemtype:	CWE-59	Trust: 1.1
problemtype:	CWE-65	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-159889 // JVNDB: JVNDB-2019-004097 // NVD: CVE-2019-8454

THREAT TYPE

local

Trust: 0.9

sources: BID: 108689 // CNNVD: CNNVD-201904-1317

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-201904-1317

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004097

PATCH

title:	sk150012	url:	https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012	Trust: 0.8
title:	Check Point Endpoint Security Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92141	Trust: 0.6

sources: JVNDB: JVNDB-2019-004097 // CNNVD: CNNVD-201904-1317

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8454	Trust: 2.8
db:	JVNDB	id:	JVNDB-2019-004097	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-1317	Trust: 0.7
db:	BID	id:	108689	Trust: 0.3
db:	VULHUB	id:	VHN-159889	Trust: 0.1

sources: VULHUB: VHN-159889 // BID: 108689 // JVNDB: JVNDB-2019-004097 // CNNVD: CNNVD-201904-1317 // NVD: CVE-2019-8454

REFERENCES

url:	https://supportcenter.us.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk150012	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8454	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8454	Trust: 0.8
url:	https://vigilance.fr/vulnerability/check-point-endpoint-security-file-corruption-29162	Trust: 0.6
url:	http://www.checkpoint.com/	Trust: 0.3
url:	https://supportcenter.us.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk150012	Trust: 0.1

sources: VULHUB: VHN-159889 // BID: 108689 // JVNDB: JVNDB-2019-004097 // CNNVD: CNNVD-201904-1317 // NVD: CVE-2019-8454

CREDITS

Jakub Palaczynski.

Trust: 0.3

sources: BID: 108689

SOURCES

db:	VULHUB	id:	VHN-159889
db:	BID	id:	108689
db:	JVNDB	id:	JVNDB-2019-004097
db:	CNNVD	id:	CNNVD-201904-1317
db:	NVD	id:	CVE-2019-8454

LAST UPDATE DATE

2024-11-23T22:58:45.487000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-159889	date:	2020-10-22T00:00:00
db:	BID	id:	108689	date:	2019-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004097	date:	2019-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201904-1317	date:	2020-10-23T00:00:00
db:	NVD	id:	CVE-2019-8454	date:	2024-11-21T04:49:56.083

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-159889	date:	2019-04-29T00:00:00
db:	BID	id:	108689	date:	2019-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-004097	date:	2019-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201904-1317	date:	2019-04-29T00:00:00
db:	NVD	id:	CVE-2019-8454	date:	2019-04-29T16:29:01.157