QwikSec

Security Database

CVE

CWE

Training

CVE-2019-8461

Published: Aug 29, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.

Vendor	Product	Versions
n/a	Check Point Endpoint Security Initial Client for Windows	affected `before version E81.30`

Weaknesses (CWE)

References

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk160812

x_refsource_MISC

https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.