CVE-2021-30360

7.8HIGH

Key Information

Vendor: Checkpoint
Status: Check Point Remote Access Client
Vendor: CVE Published:; 10 January 2022

Summary

Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.

Affected Version(s)

Check Point Remote Access Client = before E86.20

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 10, 2022
Vulnerability Reserved.
Apr 7, 2021

Collectors

NVD DatabaseMitre Database