Sign-up

ID

VAR-201906-0231


CVE

CVE-2019-8458


TITLE

Check Point Endpoint Security Client Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006291

DESCRIPTION

Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. Check Point Endpoint Security Client Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2019-8458 // JVNDB: JVNDB-2019-006291 // VULHUB: VHN-159893

AFFECTED PRODUCTS

vendor:checkpointmodel:remote access clientsscope:ltversion:e81.00

Trust: 1.0

vendor:checkpointmodel:capsule docsscope:ltversion:e81.00

Trust: 1.0

vendor:checkpointmodel:endpoint security clientsscope:ltversion:e81.00

Trust: 1.0

vendor:check pointmodel:capsule docsscope: - version: -

Trust: 0.8

vendor:check pointmodel:endpoint securityscope: - version: -

Trust: 0.8

vendor:check pointmodel:remote access clientsscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-006291 // NVD: CVE-2019-8458

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8458
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-8458
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-842
value: MEDIUM

Trust: 0.6

VULHUB: VHN-159893
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-8458
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-159893
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8458
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-8458
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-159893 // JVNDB: JVNDB-2019-006291 // CNNVD: CNNVD-201906-842 // NVD: CVE-2019-8458

PROBLEMTYPE DATA

problemtype:CWE-114

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-159893 // JVNDB: JVNDB-2019-006291 // NVD: CVE-2019-8458

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-842

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201906-842

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006291

PATCH
title:sk153053url:https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk153053
Trust: 0.8
title:Check Point Endpoint Security Client Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93986
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-006291 // 
            
            
            
            CNNVD: CNNVD-201906-842

EXTERNAL IDS
db:NVDid:CVE-2019-8458
Trust: 2.5
db:JVNDBid:JVNDB-2019-006291
Trust: 0.8
db:CNNVDid:CNNVD-201906-842
Trust: 0.7
db:VULHUBid:VHN-159893
Trust: 0.1
sources:
            
            
            VULHUB: VHN-159893 // 
            
            
            
            JVNDB: JVNDB-2019-006291 // 
            
            
            
            CNNVD: CNNVD-201906-842 // 
            
            
            
            NVD: CVE-2019-8458

REFERENCES
url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk153053
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-8458
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8458
Trust: 0.8
url:https://vigilance.fr/vulnerability/check-point-endpoint-security-client-for-windows-executing-dll-code-29598
Trust: 0.6
url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk153053
Trust: 0.1
sources:
            
            
            VULHUB: VHN-159893 // 
            
            
            
            JVNDB: JVNDB-2019-006291 // 
            
            
            
            CNNVD: CNNVD-201906-842 // 
            
            
            
            NVD: CVE-2019-8458

SOURCES
db:VULHUBid:VHN-159893
db:JVNDBid:JVNDB-2019-006291
db:CNNVDid:CNNVD-201906-842
db:NVDid:CVE-2019-8458

LAST UPDATE DATE
2024-11-23T23:08:24.084000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-159893date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2019-006291date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201906-842date:2020-10-23T00:00:00
db:NVDid:CVE-2019-8458date:2024-11-21T04:49:56.597

SOURCES RELEASE DATE
db:VULHUBid:VHN-159893date:2019-06-20T00:00:00
db:JVNDBid:JVNDB-2019-006291date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201906-842date:2019-06-20T00:00:00
db:NVDid:CVE-2019-8458date:2019-06-20T17:15:10.643