CVE-2024-24916

Summary

Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).

Affected Software

VendorProductVersion RangeStatus
checkpointCheck Point SmartConsoleCheck Point SmartConsole versions R81.10, R81.20affected

Weaknesses

  • CWE-427: The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References