// For flags

CVE-2019-8459

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.

Check Point Endpoint Security Client para Windows, con el VPN blade, anterior a versiĆ³n E80.83, inicia un proceso sin usar comillas en la ruta (path). Esto puede causar la carga de un ejecutable previamente colocado con un nombre similar a las partes de la path, en lugar de uno deseado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-02-18 CVE Reserved
  • 2019-06-20 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-428: Unquoted Search Path or Element
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Checkpoint
Search vendor "Checkpoint"
Jumbo Hotfix For Endpoint Security Server
Search vendor "Checkpoint" for product "Jumbo Hotfix For Endpoint Security Server"
< r77.30
Search vendor "Checkpoint" for product "Jumbo Hotfix For Endpoint Security Server" and version " < r77.30"
-
Affected
Checkpoint
Search vendor "Checkpoint"
Endpoint Security Server Package
Search vendor "Checkpoint" for product "Endpoint Security Server Package"
< r77.30.03
Search vendor "Checkpoint" for product "Endpoint Security Server Package" and version " < r77.30.03"
gaia
Affected
Checkpoint
Search vendor "Checkpoint"
Smartconsole For Endpoint Security Server
Search vendor "Checkpoint" for product "Smartconsole For Endpoint Security Server"
< r77.30.03
Search vendor "Checkpoint" for product "Smartconsole For Endpoint Security Server" and version " < r77.30.03"
-
Affected
Checkpoint
Search vendor "Checkpoint"
Smartconsole For Endpoint Security Server
Search vendor "Checkpoint" for product "Smartconsole For Endpoint Security Server"
e80.83
Search vendor "Checkpoint" for product "Smartconsole For Endpoint Security Server" and version "e80.83"
-
Affected
Checkpoint
Search vendor "Checkpoint"
Endpoint Security Clients
Search vendor "Checkpoint" for product "Endpoint Security Clients"
< e80.83
Search vendor "Checkpoint" for product "Endpoint Security Clients" and version " < e80.83"
windows
Affected
Checkpoint
Search vendor "Checkpoint"
Remote Access Clients
Search vendor "Checkpoint" for product "Remote Access Clients"
< e80.83
Search vendor "Checkpoint" for product "Remote Access Clients" and version " < e80.83"
windows
Affected
Checkpoint
Search vendor "Checkpoint"
Capsule Docs Standalone Client
Search vendor "Checkpoint" for product "Capsule Docs Standalone Client"
< e80.82
Search vendor "Checkpoint" for product "Capsule Docs Standalone Client" and version " < e80.82"
-
Affected