Vulnerabilities > Checkpoint

DATE CVE VULNERABILITY TITLE RISK
2020-10-27 CVE-2020-6022 Unspecified vulnerability in Checkpoint Zonealarm
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.
local
low complexity
checkpoint
3.6
2020-09-24 CVE-2020-6020 Improper Input Validation vulnerability in Checkpoint ICA Management Portal
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.
low complexity
checkpoint CWE-20
6.4
2020-08-04 CVE-2020-6012 Link Following vulnerability in Checkpoint Zonealarm Anti-Ransomware 1.0.0601/1.0.710
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges.
local
high complexity
checkpoint CWE-59
7.4
2020-07-06 CVE-2020-6013 Improper Privilege Management vulnerability in Checkpoint Zonealarm Extreme Security
ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems.
network
low complexity
checkpoint CWE-269
6.5
2019-12-23 CVE-2019-8463 Link Following vulnerability in Checkpoint Endpoint Security Clients
A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations.
network
low complexity
checkpoint CWE-59
5.0
2019-10-02 CVE-2019-8462 Improper Handling of Exceptional Conditions vulnerability in Checkpoint Security Gateway R80.30
In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging.
network
low complexity
checkpoint CWE-755
5.0
2019-08-29 CVE-2019-8461 Untrusted Search Path vulnerability in Checkpoint products
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed.
6.8
2019-06-20 CVE-2019-8459 Unquoted Search Path or Element vulnerability in Checkpoint products
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path.
network
low complexity
checkpoint CWE-428
7.5
2019-06-20 CVE-2019-8458 Unspecified vulnerability in Checkpoint products
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI.
network
checkpoint
3.5
2019-04-29 CVE-2019-8454 Link Following vulnerability in Checkpoint Endpoint Security
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.
local
high complexity
checkpoint CWE-59
7.0