fkie_nvd - fkie_cve-2024-24916

fkie_cve-2024-24916

Vulnerability from fkie_nvd

Published

2025-06-19 14:15

Modified

2025-09-04 19:01

Severity ?

6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).

References

▼	URL	Tags
	cve@checkpoint.com	https://support.checkpoint.com/results/sk/sk183342	Vendor Advisory

Impacted products

Vendor	Product	Version
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.10
checkpoint	smartconsole	r81.20
checkpoint	smartconsole	r81.20
checkpoint	smartconsole	r81.20
checkpoint	smartconsole	r81.20
checkpoint	smartconsole	r81.20
checkpoint	smartconsole	r81.20
checkpoint	smartconsole	r81.20
checkpoint	smartconsole	r81.20
checkpoint	smartconsole	r81.20
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build400:*:*:*:*:*:*",
              "matchCriteriaId": "4A8D932A-F264-4407-9634-440D4E33FC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build402:*:*:*:*:*:*",
              "matchCriteriaId": "3FD3EF2A-CB25-4ED1-96AB-1D0D6B9EED08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build404:*:*:*:*:*:*",
              "matchCriteriaId": "3BF908EF-B678-4360-AA22-FF3A21ADBBD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build406:*:*:*:*:*:*",
              "matchCriteriaId": "DEEF7946-C5C5-4E73-ABC7-27EF17406A6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build407:*:*:*:*:*:*",
              "matchCriteriaId": "911A64FD-04DA-4302-A18A-628FD0576A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build409:*:*:*:*:*:*",
              "matchCriteriaId": "CB2CF53D-8CA7-484D-830F-85F0403D1F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build410:*:*:*:*:*:*",
              "matchCriteriaId": "2334CCE9-1421-41C4-B836-F56E0E461509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build412:*:*:*:*:*:*",
              "matchCriteriaId": "CE76D114-0FB6-4AA1-9DAC-22C365BBC2B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build413:*:*:*:*:*:*",
              "matchCriteriaId": "CAC74BAA-CBE9-4E6A-8BC3-EE2BDCC74BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build414:*:*:*:*:*:*",
              "matchCriteriaId": "CF85F114-6640-4F42-A15C-ADD2F62DB111",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build416:*:*:*:*:*:*",
              "matchCriteriaId": "943F6057-DE9A-427A-A7E9-DA01C2CE3E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build417:*:*:*:*:*:*",
              "matchCriteriaId": "1DE48E6D-890D-450F-9B5A-C4D85F435D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build418:*:*:*:*:*:*",
              "matchCriteriaId": "B4A9E7A3-C2D4-423E-9868-FC24348B03FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build420:*:*:*:*:*:*",
              "matchCriteriaId": "BFDD876B-FEDE-40C5-BDC3-42F4625CA8CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build423:*:*:*:*:*:*",
              "matchCriteriaId": "21D64A56-7351-4C4C-BAE7-3681979B0617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build424:*:*:*:*:*:*",
              "matchCriteriaId": "2A857B4D-5C07-4943-A378-7F2F24CF25CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.10:build425:*:*:*:*:*:*",
              "matchCriteriaId": "604AA11E-76A8-49C7-8E48-9AB327DC2FCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.20:build640:*:*:*:*:*:*",
              "matchCriteriaId": "C44125A4-590E-4900-B9AC-792D09FF202C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.20:build641:*:*:*:*:*:*",
              "matchCriteriaId": "633F00F4-B992-44C0-8865-F5F104F424A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.20:build645:*:*:*:*:*:*",
              "matchCriteriaId": "ACB9BBA7-F7D9-468A-8AF4-70926DB58A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.20:build646:*:*:*:*:*:*",
              "matchCriteriaId": "36FCAD19-496B-44F9-98A2-F47CF8BECFC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.20:build649:*:*:*:*:*:*",
              "matchCriteriaId": "3B8FB412-D9FF-46FD-81C7-8185FAE8C4C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.20:build651:*:*:*:*:*:*",
              "matchCriteriaId": "51B50559-BBFF-4FA1-AC37-A08F12DD6BDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.20:build653:*:*:*:*:*:*",
              "matchCriteriaId": "0118CAB6-6FB8-4EA2-A381-5BC9AB897A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.20:build654:*:*:*:*:*:*",
              "matchCriteriaId": "7CE0C48D-EE95-4762-ABA1-7D2F1DFFFC90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:smartconsole:r81.20:build655:*:*:*:*:*:*",
              "matchCriteriaId": "B017667C-1FCC-4C2A-A8F1-151E86C8549A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted DLLs in the installer\u0027s directory may be loaded and executed, leading to potentially arbitrary code execution with the installer\u0027s privileges (admin)."
    },
    {
      "lang": "es",
      "value": "Es posible que se carguen y ejecuten DLL no confiables en el directorio del instalador, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario con los privilegios del instalador (administrador)."
    }
  ],
  "id": "CVE-2024-24916",
  "lastModified": "2025-09-04T19:01:30.503",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 5.9,
        "source": "cve@checkpoint.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-19T14:15:44.983",
  "references": [
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.checkpoint.com/results/sk/sk183342"
    }
  ],
  "sourceIdentifier": "cve@checkpoint.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "cve@checkpoint.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2024-24916 (GCVE-0-2024-24916)

Vulnerability from cvelistv5

Published

2025-06-19 13:17

Modified

2025-06-20 13:11

Severity ?

6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-427 - The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.