Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2019-8461
Modified
More InfoOfficial Page
Source-cve@checkpoint.com
View Known Exploited Vulnerability (KEV) details
Published At-29 Aug, 2019 | 21:15
Updated At-09 Oct, 2019 | 23:52

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Check Point Software Technologies Ltd.
checkpoint
>>capsule_docs_standalone_client>>Versions before e80.20(exclusive)
cpe:2.3:a:checkpoint:capsule_docs_standalone_client:*:*:*:*:*:*:*:*
Check Point Software Technologies Ltd.
checkpoint
>>endpoint_security>>Versions before e81.30(exclusive)
cpe:2.3:a:checkpoint:endpoint_security:*:*:*:*:*:windows:*:*
Check Point Software Technologies Ltd.
checkpoint
>>remote_access_clients>>Versions before e81.30(exclusive)
cpe:2.3:a:checkpoint:remote_access_clients:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-426Primarynvd@nist.gov
CWE-114Secondarycve@checkpoint.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEMcve@checkpoint.com
Exploit
Third Party Advisory
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk160812cve@checkpoint.com
Patch
Vendor Advisory
Change History
0Changes found
Details not found