Command Injection Vulnerability in Check Point Gaia Portal Admin Interface
CVE-2021-30361

6.7MEDIUM

Key Information:

Vendor: Checkpoint
Status: Check Point Gaia Portal
Vendor: CVE Published:; 11 May 2022

Summary

Authenticated administrators with access to the GUI Clients settings in Check Point Gaia Portal are able to inject malicious commands that execute on the Gaia OS. This vulnerability can potentially compromise the system's integrity, allowing unauthorized actions on the affected platform.

Affected Version(s)

Check Point Gaia Portal before Jumbo HFAs released 13-Apr-2022

References

https://supportcontent.checkpoint.com/solutions?id=sk179128

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2022
Vulnerability Reserved
Apr 7, 2021