Checkpoint
Products by Checkpoint Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in Checkpoint . Last year Checkpoint had 3 security vulnerabilities published. Right now, Checkpoint is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 3 | 7.60 |
2022 | 7 | 6.91 |
2021 | 3 | 6.87 |
2020 | 7 | 6.70 |
2019 | 9 | 7.07 |
2018 | 0 | 0.00 |
It may take a day or so for new Checkpoint vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Checkpoint Security Vulnerabilities
Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security
CVE-2023-28134
7.8 - High
- November 12, 2023
Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Incorrect Permission Assignment for Critical Resource
Local user may lead to privilege escalation using Gaia Portal hostnames page.
CVE-2023-28130
7.2 - High
- July 26, 2023
Local user may lead to privilege escalation using Gaia Portal hostnames page.
Command Injection
Local privilege escalation in Check Point Endpoint Security Client (version E87.30)
CVE-2023-28133
7.8 - High
- July 23, 2023
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
Incorrect Permission Assignment for Critical Resource
The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX)
CVE-2022-23746
7.5 - High
- November 30, 2022
The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.
Improper Restriction of Excessive Authentication Attempts
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges
CVE-2022-41604
8.8 - High
- September 27, 2022
Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.
Improper Privilege Management
A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS)
CVE-2022-23745
7.5 - High
- July 18, 2022
A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information.
Memory Corruption
Check Point Endpoint before version E86.50 failed to protect against specific registry change which
CVE-2022-23744
2.3 - Low
- July 07, 2022
Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator.
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command
CVE-2021-30361
6.7 - Medium
- May 11, 2022
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.
Shell injection
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process
CVE-2022-23743
7.8 - High
- May 11, 2022
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119
Improper Privilege Management
Users have access to the directory where the installation repair occurs
CVE-2021-30360
7.8 - High
- January 10, 2022
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
DLL preloading
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications
CVE-2021-30358
7.2 - High
- October 19, 2021
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.
Shell injection
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which
CVE-2021-30357
5.3 - Medium
- June 08, 2021
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.
Generation of Error Message Containing Sensitive Information
A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could
CVE-2021-30356
8.1 - High
- April 22, 2021
A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.
Check Point Endpoint Security Client for Windows before version E84.20
CVE-2020-6021
7.8 - High
- December 03, 2020
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint clients privileges.
DLL preloading
Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client
CVE-2020-6015
5.5 - Medium
- November 05, 2020
Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations.
Check Point Endpoint Security Client for Windows
CVE-2020-6014
6.5 - Medium
- November 02, 2020
Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.
Untrusted Path
Check Point ZoneAlarm before version 15.8.139.18543
CVE-2020-6022
5.5 - Medium
- October 27, 2020
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.
Check Point ZoneAlarm before version 15.8.139.18543
CVE-2020-6023
7.8 - High
- October 27, 2020
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38
CVE-2020-6020
6.4 - Medium
- September 24, 2020
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.
Improper Input Validation
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges
CVE-2020-6012
7.4 - High
- August 04, 2020
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an unprivileged user to enable escalation of privilege via local access.
insecure temporary file
A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10
CVE-2019-8463
7.5 - High
- December 23, 2019
A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations.
insecure temporary file
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed
CVE-2019-8461
7.8 - High
- August 29, 2019
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.
Untrusted Path
Check Point Endpoint Security Client for Windows
CVE-2019-8458
4.4 - Medium
- June 20, 2019
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.
Improper Input Validation
Check Point Endpoint Security Client for Windows
CVE-2019-8459
9.8 - Critical
- June 20, 2019
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.
Unquoted Search Path or Element
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so
CVE-2019-8452
7.8 - High
- April 22, 2019
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.
Permission Issues
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so
CVE-2019-8455
7.1 - High
- April 17, 2019
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.
Permission Issues
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions
CVE-2019-8453
5.5 - Medium
- April 17, 2019
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.
Untrusted Path
Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may
CVE-2019-8456
5.9 - Medium
- April 09, 2019
Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server.
Permissions, Privileges, and Access Controls
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service
CVE-2018-8790
7.8 - High
- March 01, 2019
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM.
NOTE: this issue has been disputed by the vendor
CVE-2009-1227
- April 02, 2009
NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis.
Buffer Overflow
The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which
CVE-2008-0662
7.8 - High
- February 08, 2008
The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.
Incorrect Permission Assignment for Critical Resource