CVE-2019-8461 - OpenCVE

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Checkpoint	Capsule Docs Standalone Client Endpoint Security Remote Access Clients

Configuration 1 [-]

OR	cpe:2.3:a:checkpoint:capsule_docs_standalone_client::::::::
	cpe:2.3:a:checkpoint:endpoint_security::::::windows::*
	cpe:2.3:a:checkpoint:remote_access_clients::::::windows::*

No data.

References

Link	Providers
https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk160812

History

No history.

MITRE

Status: PUBLISHED

Assigner: checkpoint

Published: 2019-08-29T20:41:54

Updated: 2024-08-04T21:17:31.435Z

Reserved: 2019-02-18T00:00:00

Link: CVE-2019-8461

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-08-29T21:15:11.400

Modified: 2019-10-09T23:52:27.670

Link: CVE-2019-8461

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Check Point Endpoint Security Initial Client for Windows", "vendor": "n/a", "versions": [{"status": "affected", "version": "before version E81.30"}]}], "descriptions": [{"lang": "en", "value": "Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-114", "description": "CWE-114: Process Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-09-03T19:36:06", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk160812"}, {"tags": ["x_refsource_MISC"], "url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2019-8461", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Check Point Endpoint Security Initial Client for Windows", "version": {"version_data": [{"version_value": "before version E81.30"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-114: Process Control"}]}]}, "references": {"reference_data": [{"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk160812", "refsource": "MISC", "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk160812"}, {"name": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM", "refsource": "MISC", "url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:17:31.435Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk160812"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"}]}]}, "cveMetadata": {"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2019-8461", "datePublished": "2019-08-29T20:41:54", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2024-08-04T21:17:31.435Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:capsule_docs_standalone_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8D79F85-DC49-456B-BFB8-5E303F8A0E8D", "versionEndExcluding": "e80.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:endpoint_security:*:*:*:*:*:windows:*:*", "matchCriteriaId": "27BB2058-E39A-4830-A351-B1D544C17E5C", "versionEndExcluding": "e81.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:remote_access_clients:*:*:*:*:*:windows:*:*", "matchCriteriaId": "EF0F072B-5EF9-406B-9647-A300C7CD79F0", "versionEndExcluding": "e81.30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user."}, {"lang": "es", "value": "Check Point Endpoint Security Initial Client para Windows versi\u00f3n anterior a E81.30, intenta cargar una biblioteca DLL localizada en cualquier ubicaci\u00f3n de RUTA (PATH) en una imagen limpia sin el Endpoint Client instalado. Un atacante puede aprovechar esto para conseguir LPE usando una DLL especialmente dise\u00f1ada localizada en cualquier ubicaci\u00f3n de RUTA (PATH) accesible con permisos de escritura para el usuario."}], "id": "CVE-2019-8461", "lastModified": "2019-10-09T23:52:27.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-29T21:15:11.400", "references": [{"source": "cve@checkpoint.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"}, {"source": "cve@checkpoint.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk160812"}], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-114"}], "source": "cve@checkpoint.com", "type": "Secondary"}]}