ID

VAR-202009-1519


CVE

CVE-2020-6020


TITLE

Input validation vulnerability in Internal CA web management of Check Point Security Management

Trust: 0.8

sources: JVNDB: JVNDB-2020-011994

DESCRIPTION

Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38 can be manipulated to run commands as a high-privileged user or to crash, due to weak validation of inputs supplied by a trusted management administrator. The platform can specify a unified management strategy to achieve efficient management of the cloud platform. The vulnerability is caused by weak input validation on Windows, which allows an attacker to run programs as a high-privileged user.

Trust: 1.71

sources: NVD: CVE-2020-6020 // JVNDB: JVNDB-2020-011994 // VULHUB: VHN-184145

AFFECTED PRODUCTS

vendor: checkpoint, model: ica management portal, scope: eq, version: r80.40

Trust: 1.0

vendor: checkpoint, model: ica management portal, scope: lt, version: r80.40

Trust: 1.0

vendor: checkpoint, model: ica management portal, scope: lt, version: r80.10

Trust: 1.0

vendor: checkpoint, model: ica management portal, scope: eq, version: r80.20

Trust: 1.0

vendor: checkpoint, model: ica management portal, scope: lt, version: r80.30

Trust: 1.0

vendor: checkpoint, model: ica management portal, scope: eq, version: r80.10

Trust: 1.0

vendor: checkpoint, model: ica management portal, scope: lt, version: r80.20

Trust: 1.0

vendor: checkpoint, model: ica management portal, scope: eq, version: r80.30

Trust: 1.0

vendor: Check Point Software Technologies, model: ica management portal, scope: eq, version: -

Trust: 0.8

vendor: Check Point Software Technologies, model: ica management portal, scope: lt, version: earlier than r80.10 jumbo hf take 278

Trust: 0.8

vendor: Check Point Software Technologies, model: ica management portal, scope: lt, version: earlier than r80.20 jumbo hf take 160

Trust: 0.8

vendor: Check Point Software Technologies, model: ica management portal, scope: lt, version: earlier than r80.30 jumbo hf take 210

Trust: 0.8

vendor: Check Point Software Technologies, model: ica management portal, scope: lt, version: earlier than r80.40 jumbo hf take 38

Trust: 0.8

sources: JVNDB: JVNDB-2020-011994 // NVD: CVE-2020-6020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6020
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-6020
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202009-1449
value: MEDIUM

Trust: 0.6

VULHUB: VHN-184145
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-6020
severity: HIGH
baseScore: 7.4
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-184145
severity: HIGH
baseScore: 7.4
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6020
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 0.9
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2020-6020
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184145 // JVNDB: JVNDB-2020-011994 // CNNVD: CNNVD-202009-1449 // NVD: CVE-2020-6020

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype: Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-184145 // JVNDB: JVNDB-2020-011994 // NVD: CVE-2020-6020

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1449

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1449

PATCH

title: sk142952, url: https://supportcontent.checkpoint.com/solutions?id=sk142952

Trust: 0.8

title: Check Point Internal CA web management Jumbo Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129767

Trust: 0.6

sources: JVNDB: JVNDB-2020-011994 // CNNVD: CNNVD-202009-1449

EXTERNAL IDS

db: NVD, id: CVE-2020-6020

Trust: 2.5

db: JVNDB, id: JVNDB-2020-011994

Trust: 0.8

db: CNNVD, id: CNNVD-202009-1449

Trust: 0.7

db: VULHUB, id: VHN-184145

Trust: 0.1

sources: VULHUB: VHN-184145 // JVNDB: JVNDB-2020-011994 // CNNVD: CNNVD-202009-1449 // NVD: CVE-2020-6020

REFERENCES

url: https://supportcontent.checkpoint.com/solutions?id=sk142952

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-6020

Trust: 1.4

url: https://vigilance.fr/vulnerability/check-point-security-management-privilege-escalation-via-internal-ca-web-management-33738

Trust: 0.6

sources: VULHUB: VHN-184145 // JVNDB: JVNDB-2020-011994 // CNNVD: CNNVD-202009-1449 // NVD: CVE-2020-6020

SOURCES

db: VULHUB, id: VHN-184145
db: JVNDB, id: JVNDB-2020-011994
db: CNNVD, id: CNNVD-202009-1449
db: NVD, id: CVE-2020-6020

LAST UPDATE DATE

2024-11-23T22:05:26.015000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-184145, date: 2022-11-16T00:00:00
db: JVNDB, id: JVNDB-2020-011994, date: 2021-04-21T08:09:00
db: CNNVD, id: CNNVD-202009-1449, date: 2020-11-12T00:00:00
db: NVD, id: CVE-2020-6020, date: 2024-11-21T05:34:59.717

SOURCES RELEASE DATE

db: VULHUB, id: VHN-184145, date: 2020-09-24T00:00:00
db: JVNDB, id: JVNDB-2020-011994, date: 2021-04-21T00:00:00
db: CNNVD, id: CNNVD-202009-1449, date: 2020-09-24T00:00:00
db: NVD, id: CVE-2020-6020, date: 2020-09-24T14:15:13.743