Check Point Endpoint Security Client prior E86.40 on Windows link following
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
4.8 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, has been found in Check Point Endpoint Security Client on Windows. This issue affects some unknown functionality. The manipulation with an unknown input leads to a link following vulnerability. Using CWE to declare the problem leads to CWE-59. The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Impacted is confidentiality, integrity, and availability.
The weakness was published 05/13/2022. It is possible to read the advisory at supportcontent.checkpoint.com. The identification of this vulnerability is CVE-2022-23742 since 01/19/2022. The technical details are unknown and an exploit is not publicly available.
Upgrading to version E86.40 eliminates this vulnerability.
Similar entries are available at VDB-136796, VDB-136797, VDB-147688 and VDB-164208.
Product
Vendor
Name
Version
- E80.0
- E80.1
- E80.2
- E80.3
- E80.4
- E80.5
- E80.6
- E80.7
- E80.8
- E80.9
- E80.10
- E80.11
- E80.12
- E80.13
- E80.14
- E80.15
- E80.16
- E80.17
- E80.18
- E80.19
- E80.20
- E80.21
- E80.22
- E80.23
- E80.24
- E80.25
- E80.26
- E80.27
- E80.28
- E80.29
- E80.30
- E80.31
- E80.32
- E80.33
- E80.34
- E80.35
- E80.36
- E80.37
- E80.38
- E80.39
- E80.40
- E80.41
- E80.42
- E80.43
- E80.44
- E80.45
- E80.46
- E80.47
- E80.48
- E80.49
- E80.50
- E80.51
- E80.52
- E80.53
- E80.54
- E80.55
- E80.56
- E80.57
- E80.58
- E80.59
- E80.60
- E80.61
- E80.62
- E80.63
- E80.64
- E80.65
- E80.66
- E80.67
- E80.68
- E80.69
- E80.70
- E80.71
- E80.72
- E80.73
- E80.74
- E80.75
- E80.76
- E80.77
- E80.78
- E80.79
- E80.80
- E80.81
- E80.82
- E80.83
- E81
- E82.0
- E82.1
- E82.2
- E82.3
- E82.4
- E82.5
- E82.6
- E82.7
- E82.8
- E82.9
- E82.10
- E83.0
- E83.1
- E83.2
- E83.3
- E83.4
- E83.5
- E83.6
- E83.7
- E83.8
- E83.9
- E83.10
- E83.11
- E83.12
- E83.13
- E83.14
- E83.15
- E83.16
- E83.17
- E83.18
- E83.19
- E83.20
- E84.0
- E84.1
- E84.2
- E84.3
- E84.4
- E84.5
- E84.6
- E84.7
- E84.8
- E84.9
- E84.10
- E84.11
- E84.12
- E84.13
- E84.14
- E84.15
- E84.16
- E84.17
- E84.18
- E84.19
- E84.20
- E88.0
- E88.1
- E88.2
- E88.3
- E88.4
- E88.5
- E88.6
- E88.7
- E88.8
- E88.9
- E88.10
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.0VulDB Meta Temp Score: 4.8
VulDB Base Score: 5.0
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Link followingCWE: CWE-59
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Endpoint Security Client E86.40
Timeline
01/19/2022 🔍05/13/2022 🔍
05/13/2022 🔍
05/15/2022 🔍
Sources
Vendor: checkpoint.comAdvisory: supportcontent.checkpoint.com
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2022-23742 (🔍)
See also: 🔍
Entry
Created: 05/13/2022 10:19 AMUpdated: 05/15/2022 03:59 PM
Changes: 05/13/2022 10:19 AM (39), 05/15/2022 03:59 PM (1)
Complete: 🔍
Cache ID: 98:D3D:40
No comments yet. Languages: en.
Please log in to comment.