Privilege Escalation Vulnerability in Check Point Gaia Portal
CVE-2023-28130

7.2HIGH

Key Information:

Vendor: Checkpoint
Status: Quantum Appliances, Quantum Security Gateways
Vendor: CVE Published:; 26 July 2023

What is CVE-2023-28130?

A local user can exploit a vulnerability in the Check Point Gaia Portal's hostnames page, potentially leading to unauthorized privilege escalation. This weakness enables attackers to execute commands at elevated levels, compromising system integrity and security. Administrators are advised to review this issue promptly and apply necessary patches to mitigate risks associated with this flaw.

Affected Version(s)

Quantum Appliances, Quantum Security Gateways R81.20 before take 14, R81.10 before take 95, R81 before take 82 R80.40 before take 198

References

https://support.checkpoint.com/results/sk/sk181311

https://pentests.nl/pentest-blog/cve-2023-28130-command-i...

http://seclists.org/fulldisclosure/2023/Jul/43

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2023
Vulnerability Reserved
Mar 10, 2023

Checkpoint

What is CVE-2023-28130?

Affected Version(s)

References

CVSS V3.1

Timeline