CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

checkpoint

remote_access_clients

3 known vulnerabilities · sorted by CVSS score

CVE-2019-8459

CRITICAL9.8

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.

checkpoint / jumbo_hotfix_for_endpoint_security_server+6

Network

Published Jun 20, 2019

CVE-2019-8461

HIGH7.8

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.

checkpoint / capsule_docs_standalone_client+2

Local

Published Aug 29, 2019

CVE-2019-8458

MEDIUM4.4

Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.

checkpoint / endpoint_security_clients+2

Network

Published Jun 20, 2019