CVE-2019-8459 — Unquoted Search Path or Element in Checkpoint Capsule Docs Standalone Client

CWE-428 — Unquoted Search Path or Element3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 33.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Checkpoint Capsule Docs Standalone Client Checkpoint Endpoint Security Clients Checkpoint Endpoint Security Server Package +3 more

Timeline

PublishedJun 20

Latest updateMay 24

Description

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶NVDcheckpoint/endpoint_security_clients< e80.83

▶NVDcheckpoint/endpoint_security< r77.30.03

▶NVDcheckpoint/remote_access_clients< e80.83

▶NVDcheckpoint/capsule_docs_standalone_client< e80.82

▶NVDcheckpoint/jumbo_hotfix< r77.30

🔴Vulnerability Details

GHSA

GHSA-vp84-gqh8-x8v5: Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80↗2022-05-24

▶

CVEList

CVE-2019-8459: Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80↗2019-06-20

▶