CVE-2019-8459

CRITICAL

Check Point Endpoint Security Client <E80.83 - Path Traversal

Title source: llm

Description

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk124972#Resolved%20Issues

Scores

CVSS v3 9.8

EPSS 0.0119

EPSS Percentile 63.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (7)

checkpoint/capsule_docs_standalone_client < e80.82

checkpoint/endpoint_security_clients < e80.83

checkpoint/endpoint_security_server_package < r77.30.03

checkpoint/jumbo_hotfix_for_endpoint_security_server < r77.30

checkpoint/remote_access_clients < e80.83

checkpoint/smartconsole_for_endpoint_security_server e80.83

checkpoint/smartconsole_for_endpoint_security_server < r77.30.03

Published Jun 20, 2019

Tracked Since Feb 18, 2026