Vulnerability Details CVE-2019-8454
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.8%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.9
References
Products affected by CVE-2019-8454
-
cpe:2.3:a:checkpoint:endpoint_security:e80
-
cpe:2.3:a:checkpoint:endpoint_security:e80.10
-
cpe:2.3:a:checkpoint:endpoint_security:e80.20
-
cpe:2.3:a:checkpoint:endpoint_security:e80.30
-
cpe:2.3:a:checkpoint:endpoint_security:e80.40
-
cpe:2.3:a:checkpoint:endpoint_security:e80.41
-
cpe:2.3:a:checkpoint:endpoint_security:e80.50
-
cpe:2.3:a:checkpoint:endpoint_security:e80.64
-
cpe:2.3:a:checkpoint:endpoint_security:e80.65
-
cpe:2.3:a:checkpoint:endpoint_security:e80.70
-
cpe:2.3:a:checkpoint:endpoint_security:e80.71
-
cpe:2.3:a:checkpoint:endpoint_security:e80.72
-
cpe:2.3:a:checkpoint:endpoint_security:e80.80
-
cpe:2.3:a:checkpoint:endpoint_security:e80.81
-
cpe:2.3:a:checkpoint:endpoint_security:e80.82
-
cpe:2.3:a:checkpoint:endpoint_security:e80.82.1
-
cpe:2.3:a:checkpoint:endpoint_security:e80.83
-
cpe:2.3:a:checkpoint:endpoint_security:e80.84
-
cpe:2.3:a:checkpoint:endpoint_security:e80.85
-
cpe:2.3:a:checkpoint:endpoint_security:e80.86
-
cpe:2.3:a:checkpoint:endpoint_security:e80.87
-
cpe:2.3:a:checkpoint:endpoint_security:e80.88
-
cpe:2.3:a:checkpoint:endpoint_security:e80.89
-
cpe:2.3:a:checkpoint:endpoint_security:e80.90
-
cpe:2.3:a:checkpoint:endpoint_security:e80.92
-
cpe:2.3:a:checkpoint:endpoint_security:e80.94
-
cpe:2.3:a:checkpoint:endpoint_security:e80.95
-
cpe:2.3:o:microsoft:windows:-