CVE-2020-6021 Vulnerability Details

  /     /     /  

CVE-2020-6021 Metadata Quick Info

CVE Published: 03/12/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: checkpoint | Vendor: n/a | Product: Check Point Endpoint Security Client for Windows
Status : PUBLISHED

---

CVE-2020-6021 Description

Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-427
CWE Name: CWE-427: Uncontrolled Search Path Element
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).