CVE-2019-8458

Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.

Published: Jun 20, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-8458
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
checkpoint / endpoint_security_clients	-	e81.00
checkpoint / remote_access_clients	-	e81.00
checkpoint / capsule_docs	-	e81.00

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk153053

Vulnerability Database

289,784

CVE-2019-8458