Path Manipulation Vulnerability in Check Point Mobile Access Portal
CVE-2021-30358

7.2HIGH

Key Information:

Vendor: Checkpoint
Status: Check Point Mobile Access Portal Agent
Vendor: CVE Published:; 19 October 2021

Summary

The vulnerability allows the Mobile Access Portal Native Applications to execute applications from unauthorized locations. This occurs when the administrator defines the application's path using environment variables, potentially leading to privileged actions or unauthorized access due to improper handling of application execution paths.

Affected Version(s)

Check Point Mobile Access Portal Agent before build 800007042

References

https://supportcontent.checkpoint.com/solutions?id=sk142952

x_refsource_MISC

https://supportcontent.checkpoint.com/solutions?id=sk175806

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2021
Vulnerability Reserved
Apr 7, 2021