CVE-2012-2753 — Checkpoint Endpoint Connect vulnerability

3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 82.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Checkpoint Endpoint Connect Checkpoint Endpoint Security Checkpoint Endpoint Security VPN +1 more

Timeline

PublishedJun 19

Latest updateMay 17

Description

Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages4 packages

▶NVDcheckpoint/endpoint_connectr73

▶NVDcheckpoint/endpoint_security5 versions+4

▶NVDcheckpoint/endpoint_security_vpnr75

▶NVDcheckpoint/remote_access_clientse75, e75.10, e75.20+2

Patches

Patch: supportcenter.checkpoint.com ↗Patch: supportcenter.checkpoint.com ↗

🔴Vulnerability Details

GHSA

GHSA-6p22-m9pj-g88j: Untrusted search path vulnerability in TrGUI↗2022-05-17

▶

CVEList

CVE-2012-2753: Untrusted search path vulnerability in TrGUI↗2012-06-19

▶