Vulnerability Details :

CVE-2021-30361

Summary
Assigner-checkpoint
Assigner Org ID-897c38be-0345-43cd-b6cf-fe179e0c4f45
Published At-11 May, 2022 | 16:42
Updated At-03 Aug, 2024 | 22:32
Rejected At-

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)


Affected Products
Vendor: n/a
Product: Check Point Gaia Portal
Affected versions:
  • before Jumbo HFAs released 13-Apr-2022
Problem Types
Type: CWE
CWE ID: CWE-78
Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References
Hyperlink: https://supportcontent.checkpoint.com/solutions?id=sk179128
Resource: x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: https://supportcontent.checkpoint.com/solutions?id=sk179128
Resource: x_refsource_MISC, x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@checkpoint.com
Published At:11 May, 2022 | 17:15
Updated At:25 May, 2022 | 14:20


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches

Vendor: Check Point Software Technologies Ltd. (checkpoint)
  • checkpoint >> gaia_portal >> Versions before 2022-04-13 (exclusive)
    cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*
  • checkpoint >> quantum_security_management >> -
    cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*
  • checkpoint >> gaia_os >> -
    cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*
  • checkpoint >> quantum_security_gateway >> -
    cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*
  • checkpoint >> gaia_os >> -
    cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov

CWE ID: CWE-78
Type: Secondary
Source: cve@checkpoint.com
References
Hyperlink: https://supportcontent.checkpoint.com/solutions?id=sk179128
Source: cve@checkpoint.com
Resource: Patch, Vendor Advisory

Similar CVEs

151 records found

CVE-2021-1476
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7 | MEDIUM
EPSS-0.04% / 12.64%
7 Day CHG~0.00%
Published-29 Apr, 2021 | 17:30
Updated-08 Nov, 2024 | 23:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defense, adaptive_security_appliance_software, Cisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')