CVE-2020-6021
Last modified
CVE-2020-6021 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.. EPSS estimates a 0.30% chance of exploitation in the next 30 days.
Description
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Checkpoint | Endpoint Security | < e84.20 |
References
- https://supportcontent.checkpoint.com/solutions?id=sk170512Vendor Advisory
- https://supportcontent.checkpoint.com/solutions?id=sk170512Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-6021?
How severe is CVE-2020-6021?
How do I fix CVE-2020-6021?
Are you affected by CVE-2020-6021?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST