Byte Open Security

(ByteOS Network)


gaia_os

Source - NVD
CNA CVEs - 0
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 4
4 Vulnerabilities found

CVE-2024-52885
Assigner-Check Point Software Ltd.
CVSS Score-5 | MEDIUM
EPSS-0.07% / 23.23%
7 Day CHG-0.02%
Published-06 Aug, 2025 | 14:45
Updated-27 Aug, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.

Action-Not Available
Vendor-Check Point Software Technologies Ltd.
Product-gaia_os, remote_access_vpn, mobile_access, Check Point Mobile Access
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-35
Path Traversal: '.../...//'
CVE-2024-24914
Assigner-Check Point Software Ltd.
CVSS Score-8 | HIGH
EPSS-0.25% / 48.56%
7 Day CHG-0.08%
Published-07 Nov, 2024 | 11:25
Updated-26 Aug, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.

Action-Not Available
Vendor-Check Point Software Technologies Ltd.
Product-quantum_maestro, quantum_security_gateway, quantum_scalable_chassis, clusterxl, quantum_6700, gaia_os, multi-domain_management, quantum_security_management, quantum_spark, ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management, quantum_security_gateway, quantum_appliances, quantum_security_management, quantum_maestro, quantum_scalable_chassis, clusterxl, multi-domain_management
CWE ID-CWE-914
Improper Control of Dynamically-Identified Variables
CVE-2021-30361
Assigner-Check Point Software Ltd.
CVSS Score-6.7 | MEDIUM
EPSS-0.21% / 43.86%
7 Day CHG~0.00%
Published-11 May, 2022 | 16:42
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.

Action-Not Available
Vendor-n/a, Check Point Software Technologies Ltd.
Product-gaia_os, gaia_portal, quantum_security_management, quantum_security_gateway, Check Point Gaia Portal
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-7311
Assigner-MITRE Corporation
CVSS Score-5.4 | MEDIUM
EPSS-0.20% / 42.53%
7 Day CHG~0.00%
Published-23 Jan, 2014 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

Action-Not Available
Vendor-n/a, Check Point Software Technologies Ltd.
Product-gaia_os, ipso_os, n/a