CVE-2019-8454

A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.

CVSS v3 7.0 HIGH
CVSS v2.0 6.9 MEDIUM

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:checkpoint:endpoint_security:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-04-29 16:29

Updated : 2024-02-04 20:20

NVD link : CVE-2019-8454

Mitre link : CVE-2019-8454

CVE.ORG link : CVE-2019-8454

JSON object : View

Products Affected

microsoft

windows

checkpoint

endpoint_security

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-65

Windows Hard Link

{"id": "CVE-2019-8454", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2019-04-29T16:29:01.157", "references": [{"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012", "tags": ["Vendor Advisory"], "source": "cve@checkpoint.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}, {"type": "Secondary", "source": "cve@checkpoint.com", "description": [{"lang": "en", "value": "CWE-65"}]}], "descriptions": [{"lang": "en", "value": "A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system."}, {"lang": "es", "value": "Un atacante local puede crear un enlace f\u00edsico entre un archivo en el cual el cliente para Windows de Check Point Endpoint Security escribe, en versiones anteriores a E80.96, y otro archivo BAT, y luego, haci\u00e9ndose pasar por el servidor WPAD, el atacante puede escribir comandos BAT en ese archivo que m\u00e1s tarde ser\u00e1 ejecutado por el usuario o el sistema."}], "lastModified": "2023-11-07T03:13:30.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:endpoint_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFA5CFD2-F7DD-4AC3-90F6-41FD0DA327B0", "versionEndExcluding": "e80.96"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@checkpoint.com"}