QwikSec

Security Database

CVE

CWE

Training

CVE-2019-8454

Published: Apr 29, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.

Vendor	Product	Versions
Check Point	Check Point Endpoint Security client for Windows	affected `before E80.96`

Weaknesses (CWE)

References

https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.