Vulnerability Description
Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Checkpoint | Endpoint Security | e80 |
Related Weaknesses (CWE)
References
- http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt
- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsoPatchVendor Advisory
- http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt
- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsoPatchVendor Advisory
FAQ
What is CVE-2013-5636?
CVE-2013-5636 is a vulnerability with a CVSS score of 3.3 (LOW). Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attack...
How severe is CVE-2013-5636?
CVE-2013-5636 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5636?
Check the references section above for vendor advisories and patch information. Affected products include: Checkpoint Endpoint Security.