Vulnerability Description
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Checkpoint | Endpoint Security Clients | < e81.00 |
| Checkpoint | Remote Access Clients | < e81.00 |
| Checkpoint | Capsule Docs | < e81.00 |
Related Weaknesses (CWE)
References
- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsoVendor Advisory
- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsoVendor Advisory
FAQ
What is CVE-2019-8458?
CVE-2019-8458 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with admi...
How severe is CVE-2019-8458?
CVE-2019-8458 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-8458?
Check the references section above for vendor advisories and patch information. Affected products include: Checkpoint Endpoint Security Clients, Checkpoint Remote Access Clients, Checkpoint Capsule Docs.