CVE-2020-6021
Description
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint clients privileges.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.058
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-8461 ,CVE-2020-6014 ,CVE-2020-6021 are affected in endpoint_security e80.96 | NCM |
| Vulnerabilities CVE-2020-6015 ,CVE-2020-6021 are affected in endpoint_security e84.10 | NCM |
| Vulnerabilities CVE-2020-6021 are affected in endpoint_security e83.20 | NCM |
| Uncontrolled Search Path Element Vulnerability (CVE-2020-6021) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234