CVE-2020-6014 : Exploit Details and Defense Strategies

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, has a vulnerability that could allow an attacker to execute arbitrary code within a signed binary.

Understanding CVE-2020-6014

This CVE involves a DLL loading issue in Check Point Endpoint Security Client for Windows, potentially leading to code execution.

What is CVE-2020-6014?

CVE-2020-6014 is a vulnerability in Check Point Endpoint Security Client for Windows that could be exploited by an attacker with administrator privileges to execute code within a signed binary.

The Impact of CVE-2020-6014

The vulnerability may allow an attacker to gain code execution within the Check Point software, potentially causing the client to terminate.

Technical Details of CVE-2020-6014

Check Point Endpoint Security Client for Windows is affected by this vulnerability.

Vulnerability Description

The software, before version E83.20, attempts to load a non-existent DLL during a Domain Name query, enabling an attacker to execute code within a signed binary.

Affected Systems and Versions

Product: Check Point Endpoint Security Client for Windows
Versions affected: Before E83.20

Exploitation Mechanism

An attacker with administrator privileges can exploit the DLL loading issue to execute arbitrary code within the software.

Mitigation and Prevention

It is crucial to take immediate steps to address and prevent exploitation of this vulnerability.

Immediate Steps to Take

Update the affected software to version E83.20 or later.
Monitor for any suspicious activities on the network.

Long-Term Security Practices

Regularly update and patch all software to the latest versions.
Implement the principle of least privilege to restrict administrator access.

Patching and Updates

Check Point Software Technologies has released version E83.20 to address this vulnerability. Ensure all affected systems are updated promptly.