CVE-2019-8454
Description
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.
Risk Information
Base Score
7.0
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.033
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-2753 ,CVE-2013-5635 ,CVE-2013-5636 ,CVE-2019-8454 are affected in endpoint_security e80.30-vpn_blade | NCM |
| Vulnerabilities CVE-2012-2753 ,CVE-2013-5635 ,CVE-2013-5636 ,CVE-2019-8454 are affected in endpoint_security e80.20-vpn_blade | NCM |
| Vulnerabilities CVE-2012-2753 ,CVE-2013-5635 ,CVE-2013-5636 ,CVE-2019-8454 are affected in endpoint_security e80.10-vpn_blade | NCM |
| Vulnerabilities CVE-2012-2753 ,CVE-2013-5635 ,CVE-2013-5636 ,CVE-2019-8454 are affected in endpoint_security e80-vpn_blade | NCM |
| Vulnerabilities CVE-2013-5635 ,CVE-2013-5636 ,CVE-2019-8454 are affected in endpoint_security e80.50-vpn_blade | NCM |
| Vulnerabilities CVE-2013-5635 ,CVE-2013-5636 ,CVE-2019-8454 are affected in endpoint_security e80.41-vpn_blade | NCM |
| Vulnerabilities CVE-2013-5635 ,CVE-2013-5636 ,CVE-2019-8454 are affected in endpoint_security e80.40-vpn_blade | NCM |
| Windows Hard Link Vulnerability (CVE-2019-8454) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234