Vulnerability Name:

CVE-2013-5636 (CCN-89823)

Assigned:2013-11-14
Published:2013-11-14
Updated:2013-12-02
Summary:Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses.
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N)
2.5 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N)
2.5 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-255
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2013-5636

Source: CCN
Type: Check Point Web Site
Check Point Software

Source: MISC
Type: UNKNOWN
http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt

Source: XF
Type: UNKNOWN
checkpoint-cve20135636-sec-bypass(89823)

Source: CCN
Type: sk96589
Check Point response to Media Encryption EPM Explorer lockout bypass

Source: CONFIRM
Type: Patch, Vendor Advisory
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96589

Vulnerable Configuration:Configuration 1:
  • cpe:/a:checkpoint:endpoint_security:e80:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.10:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.20:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.30:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.40:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.41:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.50:-:vpn_blade:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:checkpoint:endpoint_security:e80.40:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.41:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.50:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.10:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.20:-:vpn_blade:*:*:*:*:*
  • OR cpe:/a:checkpoint:endpoint_security:e80.30:-:vpn_blade:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    checkpoint endpoint security e80 -
    checkpoint endpoint security e80.10 -
    checkpoint endpoint security e80.20 -
    checkpoint endpoint security e80.30 -
    checkpoint endpoint security e80.40 -
    checkpoint endpoint security e80.41 -
    checkpoint endpoint security e80.50 -
    checkpoint endpoint security e80.40 -
    checkpoint endpoint security e80.41 -
    checkpoint endpoint security e80.50 -
    checkpoint endpoint security e80 -
    checkpoint endpoint security e80.10 -
    checkpoint endpoint security e80.20 -
    checkpoint endpoint security e80.30 -