CVE-2006-0255 — Checkpoint Vpn-1 vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 82.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Checkpoint Vpn-1

Timeline

PublishedJan 18

Latest updateMay 1

Description

Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcheckpoint/vpn-14.1

🔴Vulnerability Details

GHSA

GHSA-8rm2-jxp6-6fm7: Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program↗2022-05-01

▶

CVEList

CVE-2006-0255: Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program↗2006-01-18

▶