CVE-2020-6014

{"id": "CVE-2020-6014", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.6}]}, "published": "2020-11-02T21:15:34.163", "references": [{"url": "https://supportcontent.checkpoint.com/solutions?id=sk168081", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@checkpoint.com"}, {"url": "https://supportcontent.checkpoint.com/solutions?id=sk168081", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@checkpoint.com", "description": [{"lang": "en", "value": "CWE-114"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate."}, {"lang": "es", "value": "Check Point Endpoint Security Client para Windows, con blades Anti-Bot o Threat Emulation instalados, antes de la versi\u00f3n E83.20, intenta cargar una DLL que no existe durante una consulta para el Domain Name. Un atacante con privilegios de administrador puede aprovechar esto para conseguir una ejecuci\u00f3n de c\u00f3digo dentro de un binario firmado de Check Point Software Technologies, donde bajo determinadas circunstancias puede hacer que el cliente finalice"}], "lastModified": "2024-11-21T05:34:59.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:endpoint_security:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "FD2B7891-9885-4A69-913B-80007F89BF84", "versionEndExcluding": "e83.20"}], "operator": "OR"}]}], "sourceIdentifier": "cve@checkpoint.com"}