CVE-2020-6024
20.01.2021, 19:15
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.Enginsight
| Vendor | Product | Version |
|---|---|---|
| checkpoint | smartconsole | 𝑥 ≤ r80.10 |
| checkpoint | smartconsole | r80.20 |
| checkpoint | smartconsole | r80.30 |
| checkpoint | smartconsole | r80.40 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-114 - Process ControlExecuting commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.