ID

VAR-202012-1531


CVE

CVE-2020-6021


TITLE

Uncontrolled Search Path Element Vulnerability in Check Point Endpoint Security Client for Windows

Trust: 0.8

sources: JVNDB: JVNDB-2020-014018

DESCRIPTION

Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.

Trust: 1.71

sources: NVD: CVE-2020-6021 // JVNDB: JVNDB-2020-014018 // VULHUB: VHN-184146

AFFECTED PRODUCTS

vendor: checkpoint, model: endpoint security, scope: lt, version: e84.20

Trust: 1.0

vendor: Check Point Software Technologies, model: endpoint security, scope: eq, version: e84.20

Trust: 0.8

vendor: Check Point Software Technologies, model: endpoint security, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014018 // NVD: CVE-2020-6021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6021
value: HIGH

Trust: 1.0

NVD: CVE-2020-6021
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202012-062
value: HIGH

Trust: 0.6

VULHUB: VHN-184146
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6021
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-184146
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6021
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-6021
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184146 // JVNDB: JVNDB-2020-014018 // CNNVD: CNNVD-202012-062 // NVD: CVE-2020-6021

PROBLEMTYPE DATA

problemtype: CWE-427

Trust: 1.1

problemtype: Uncontrolled search path elements (CWE-427) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-184146 // JVNDB: JVNDB-2020-014018 // NVD: CVE-2020-6021

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-062

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202012-062

PATCH

title: sk170512, url: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk170512

Trust: 0.8

sources: JVNDB: JVNDB-2020-014018

EXTERNAL IDS

db: NVD, id: CVE-2020-6021

Trust: 2.5

db: JVNDB, id: JVNDB-2020-014018

Trust: 0.8

db: CNNVD, id: CNNVD-202012-062

Trust: 0.7

db: VULHUB, id: VHN-184146

Trust: 0.1

sources: VULHUB: VHN-184146 // JVNDB: JVNDB-2020-014018 // CNNVD: CNNVD-202012-062 // NVD: CVE-2020-6021

REFERENCES

url: https://supportcontent.checkpoint.com/solutions?id=sk170512

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-6021

Trust: 1.4

url: https://vigilance.fr/vulnerability/check-point-endpoint-security-client-for-window-vulnerability-34029

Trust: 0.6

sources: VULHUB: VHN-184146 // JVNDB: JVNDB-2020-014018 // CNNVD: CNNVD-202012-062 // NVD: CVE-2020-6021

SOURCES

db: VULHUB, id: VHN-184146
db: JVNDB, id: JVNDB-2020-014018
db: CNNVD, id: CNNVD-202012-062
db: NVD, id: CVE-2020-6021

LAST UPDATE DATE

2024-11-23T22:29:20.911000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-184146, date: 2021-11-05T00:00:00
db: JVNDB, id: JVNDB-2020-014018, date: 2021-07-19T09:11:00
db: CNNVD, id: CNNVD-202012-062, date: 2020-12-16T00:00:00
db: NVD, id: CVE-2020-6021, date: 2024-11-21T05:34:59.843

SOURCES RELEASE DATE

db: VULHUB, id: VHN-184146, date: 2020-12-03T00:00:00
db: JVNDB, id: JVNDB-2020-014018, date: 2021-07-19T00:00:00
db: CNNVD, id: CNNVD-202012-062, date: 2020-12-02T00:00:00
db: NVD, id: CVE-2020-6021, date: 2020-12-03T14:15:11.190