HIGH🇬🇧 English

CVE-2019-8461

CVSS 7.8v3.0pub. 2019-08-29upd. 2024-11-21

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Checkpoint Capsule Docs Standalone Client

    APP
    Checkpoint
    < e80.20
  • Checkpoint Endpoint Security

    APP
    Checkpoint
    < e81.30
  • Checkpoint Remote Access Clients

    APP
    Checkpoint
    < e81.30
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-8459CRITICAL9.8ten sam produkt

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process ...

CVE-2023-28134HIGH7.8ten sam produkt

Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Ext...

CVE-2023-28133HIGH7.8ten sam produkt

Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL config...

CVE-2022-23742HIGH7.8ten sam produkt

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports...

CVE-2021-30360HIGH7.8ten sam produkt

Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular...