Vulnerability Description
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Check Point | Jumbo Hotfix For Endpoint Security Server | < R77.30 |
| Check Point | Endpoint Security Server Package | < R77.30.03 |
| Check Point | Smartconsole For Endpoint Security Server | < R77.30.03 |
| Check Point | Endpoint Security Clients | < E80.83 |
| Check Point | Remote Access Clients | < E80.83 |
| Check Point | Capsule Docs Standalone Client | < E80.82 |
Related Weaknesses (CWE)
References
- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewso (Vendor Advisory)
FAQ
What is CVE-2019-8459?
CVE-2019-8459 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable...
How severe is CVE-2019-8459?
CVE-2019-8459 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-8459?
Check the references section above for vendor advisories and patch information. Affected products include: Check Point Jumbo Hotfix For Endpoint Security Server, Check Point Endpoint Security Server Package, Check Point Smartconsole For Endpoint Security Server, Check Point Endpoint Security Clients, Check Point Remote Access Clients.