CVE-2019-8463 — Link Following in Checkpoint Endpoint Security Clients

CWE-59 — Link Following3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 34.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Checkpoint Endpoint Security Clients Check Point Endpoint Security Client FOR Windows

Timeline

PublishedDec 23

Latest updateMay 24

Description

A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5check_point/check_point_endpoint_security_client_for_windowsbefore E82.10

▶NVDcheckpoint/endpoint_security_clients< e82.10

Patches

Patch: supportcontent.checkpoint.com ↗Patch: supportcontent.checkpoint.com ↗

🔴Vulnerability Details

GHSA

GHSA-3jx2-x7xj-8x2c: A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82↗2022-05-24

▶

CVEList

CVE-2019-8463: A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82↗2019-12-23

▶