CVE-2020-6020
MEDIUMCheck Point Security Management <R80.10-0.40 - Command Injection
Title source: llmDescription
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://supportcontent.checkpoint.com/solutions?id=sk142952
Scores
CVSS v3
6.4
EPSS
0.0051
EPSS Percentile
39.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Details
CWE
CWE-20
Status
published
Products (5)
checkpoint/ica_management_portal
r80.20 (2 CPE variants)
checkpoint/ica_management_portal
r80.30 (2 CPE variants)
checkpoint/ica_management_portal
r80.40
checkpoint/ica_management_portal
r80.10
checkpoint/ica_management_portal
< r80.20
Published
Sep 24, 2020
Tracked Since
Feb 18, 2026