CVE-2020-6020

MEDIUM

Check Point Security Management <R80.10-0.40 - Command Injection

Title source: llm
STIX 2.1

Description

Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.

References (1)

Core 1
Core References

Scores

CVSS v3 6.4
EPSS 0.0051
EPSS Percentile 39.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Details

CWE
CWE-20
Status published
Products (5)
checkpoint/ica_management_portal r80.20 (2 CPE variants)
checkpoint/ica_management_portal r80.30 (2 CPE variants)
checkpoint/ica_management_portal r80.40
checkpoint/ica_management_portal r80.10
checkpoint/ica_management_portal < r80.20
Published Sep 24, 2020
Tracked Since Feb 18, 2026