CVE-2020-6024
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
20/01/2021
Last modified:
02/02/2021
Description
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:checkpoint:smartconsole:*:*:*:*:*:*:*:* | r80.10 (including) | |
cpe:2.3:a:checkpoint:smartconsole:r80.20:*:*:*:*:*:*:* | ||
cpe:2.3:a:checkpoint:smartconsole:r80.30:*:*:*:*:*:*:* | ||
cpe:2.3:a:checkpoint:smartconsole:r80.40:*:*:*:*:*:*:* | ||
cpe:2.3:a:checkpoint:smartconsole:r81:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page