Details of VAR-201906-0232

ID

VAR-201906-0232

CVE

CVE-2019-8459

TITLE

Check Point Endpoint Security Client Vulnerabilities related to unquoted search paths or elements

Trust: 0.8

sources: JVNDB: JVNDB-2019-006292

DESCRIPTION

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one. Check Point Endpoint Security Client Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2019-8459 // JVNDB: JVNDB-2019-006292 // VULHUB: VHN-159894

AFFECTED PRODUCTS

vendor:	checkpoint	model:	remote access clients	scope:	lt	version:	e80.83	Trust: 1.0
vendor:	checkpoint	model:	endpoint security server package	scope:	lt	version:	r77.30.03	Trust: 1.0
vendor:	checkpoint	model:	jumbo hotfix for endpoint security server	scope:	lt	version:	r77.30	Trust: 1.0
vendor:	checkpoint	model:	capsule docs standalone client	scope:	lt	version:	e80.82	Trust: 1.0
vendor:	checkpoint	model:	smartconsole for endpoint security server	scope:	lt	version:	r77.30.03	Trust: 1.0
vendor:	checkpoint	model:	smartconsole for endpoint security server	scope:	eq	version:	e80.83	Trust: 1.0
vendor:	checkpoint	model:	endpoint security clients	scope:	lt	version:	e80.83	Trust: 1.0
vendor:	check point	model:	capsule docs	scope:	-	version:	-	Trust: 0.8
vendor:	check point	model:	endpoint security	scope:	-	version:	-	Trust: 0.8
vendor:	check point	model:	endpoint security server package	scope:	-	version:	-	Trust: 0.8
vendor:	check point	model:	jumbo hotfix for endpoint security server	scope:	-	version:	-	Trust: 0.8
vendor:	check point	model:	remote access clients	scope:	-	version:	-	Trust: 0.8
vendor:	check point	model:	smartconsole for endpoint security server	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-006292 // NVD: CVE-2019-8459

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8459
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-8459
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201906-844
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-159894
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-8459
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-159894
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8459
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-159894 // JVNDB: JVNDB-2019-006292 // CNNVD: CNNVD-201906-844 // NVD: CVE-2019-8459

PROBLEMTYPE DATA

problemtype:

CWE-428

Trust: 1.9

sources: VULHUB: VHN-159894 // JVNDB: JVNDB-2019-006292 // NVD: CVE-2019-8459

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-844

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-844

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006292

PATCH

title:	sk124972	url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk124972#Resolved%20Issues	Trust: 0.8
title:	Check Point Endpoint Security Client Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93988	Trust: 0.6

sources: JVNDB: JVNDB-2019-006292 // CNNVD: CNNVD-201906-844

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8459	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-006292	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-844	Trust: 0.7
db:	VULHUB	id:	VHN-159894	Trust: 0.1

sources: VULHUB: VHN-159894 // JVNDB: JVNDB-2019-006292 // CNNVD: CNNVD-201906-844 // NVD: CVE-2019-8459

REFERENCES

url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk124972#resolved%20issues	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8459	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8459	Trust: 0.8
url:	https://vigilance.fr/vulnerability/check-point-endpoint-security-client-for-windows-code-execution-via-unquoted-command-29597	Trust: 0.6
url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk124972#resolved%20issues	Trust: 0.1

sources: VULHUB: VHN-159894 // JVNDB: JVNDB-2019-006292 // CNNVD: CNNVD-201906-844 // NVD: CVE-2019-8459

SOURCES

db:	VULHUB	id:	VHN-159894
db:	JVNDB	id:	JVNDB-2019-006292
db:	CNNVD	id:	CNNVD-201906-844
db:	NVD	id:	CVE-2019-8459

LAST UPDATE DATE

2024-11-23T23:04:46.770000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-159894	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-006292	date:	2019-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201906-844	date:	2019-07-16T00:00:00
db:	NVD	id:	CVE-2019-8459	date:	2024-11-21T04:49:56.717

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-159894	date:	2019-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-006292	date:	2019-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201906-844	date:	2019-06-20T00:00:00
db:	NVD	id:	CVE-2019-8459	date:	2019-06-20T17:15:10.707