// For flags

CVE-2020-6024

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.

Check Point SmartConsole versión anterior a R80.10 Build 185, versión R80.20 Build 119, versión R80.30 anterior a Build 94, versión R80.40 anterior a Build 415 y la versión R81 anterior a Build 548 eran vulnerables a una posible escalada de privilegios local debido a la ejecución de ejecutables desde un directorio con acceso de escritura para todos los usuarios autenticados

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-07 CVE Reserved
  • 2021-01-20 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-114: Process Control
  • CWE-269: Improper Privilege Management
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://supportcontent.checkpoint.com/solutions?id=sk142952 2021-02-02
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Checkpoint
Search vendor "Checkpoint"
 Smartconsole
Search vendor "Checkpoint" for product "Smartconsole"
 <= r80.10
Search vendor "Checkpoint" for product "Smartconsole" and version " <= r80.10"
-
Affected
Checkpoint
Search vendor "Checkpoint"
 Smartconsole
Search vendor "Checkpoint" for product "Smartconsole"
 r80.20
Search vendor "Checkpoint" for product "Smartconsole" and version "r80.20"
-
Affected
Checkpoint
Search vendor "Checkpoint"
 Smartconsole
Search vendor "Checkpoint" for product "Smartconsole"
 r80.30
Search vendor "Checkpoint" for product "Smartconsole" and version "r80.30"
-
Affected
Checkpoint
Search vendor "Checkpoint"
 Smartconsole
Search vendor "Checkpoint" for product "Smartconsole"
 r80.40
Search vendor "Checkpoint" for product "Smartconsole" and version "r80.40"
-
Affected
Checkpoint
Search vendor "Checkpoint"
 Smartconsole
Search vendor "Checkpoint" for product "Smartconsole"
 r81
Search vendor "Checkpoint" for product "Smartconsole" and version "r81"
-
Affected