CVE-2013-5635

Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589	Patch
http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:checkpoint:endpoint_security:e80.40:-:vpn_blade:::::*
	cpe:2.3:a:checkpoint:endpoint_security:e80.41:-:vpn_blade:::::*
	cpe:2.3:a:checkpoint:endpoint_security:e80.50:-:vpn_blade:::::*
	cpe:2.3:a:checkpoint:endpoint_security:e80:-:vpn_blade:::::*
	cpe:2.3:a:checkpoint:endpoint_security:e80.20:-:vpn_blade:::::*
	cpe:2.3:a:checkpoint:endpoint_security:e80.10:-:vpn_blade:::::*
	cpe:2.3:a:checkpoint:endpoint_security:e80.30:-:vpn_blade:::::*

Information

Published : 2013-11-30 03:43

Updated : 2013-12-02 08:20

NVD link : CVE-2013-5635

Mitre link : CVE-2013-5635

JSON object : View

CWE

CWE-255

Credentials Management Errors

Advertisement

Products Affected

checkpoint

endpoint_security

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589", "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt", "name": "http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-5635", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-11-30T11:43Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.40:-:vpn_blade:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.41:-:vpn_blade:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.50:-:vpn_blade:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80:-:vpn_blade:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.20:-:vpn_blade:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.10:-:vpn_blade:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.30:-:vpn_blade:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-12-02T16:20Z"}