CVE-2020-6021

7.8HIGH

Key Information

Vendor: Checkpoint
Status: Check Point Endpoint Security Client For Windows
Vendor: CVE Published:; 3 December 2020

Summary

Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.

Affected Version(s)

Check Point Endpoint Security Client for Windows = before version E84.20

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 3, 2020
Vulnerability Reserved.
Jan 7, 2020

Collectors

NVD DatabaseMitre Database