Search criteria
102 vulnerabilities
CVE-2025-3831 (GCVE-0-2025-3831)
Vulnerability from cvelistv5 – Published: 2025-08-12 14:48 – Updated: 2025-08-12 15:02
VLAI?
Summary
Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.
Severity ?
8.1 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Check Point Harmony SASE |
Affected:
Other
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:01:45.427366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:02:44.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point Harmony SASE",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Other"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:48:26.195Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183761"
}
],
"title": "Exposed SFTP server"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2025-3831",
"datePublished": "2025-08-12T14:48:26.195Z",
"dateReserved": "2025-04-20T09:55:50.263Z",
"dateUpdated": "2025-08-12T15:02:44.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52885 (GCVE-0-2024-52885)
Vulnerability from cvelistv5 – Published: 2025-08-06 14:45 – Updated: 2025-08-06 15:03
VLAI?
Summary
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
Severity ?
5 (Medium)
CWE
- CWE-35 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Check Point Mobile Access |
Affected:
Check Point Mobile Access versions R81.10, R81.20, R82
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52885",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T15:02:46.396665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T15:03:53.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point Mobile Access",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Mobile Access versions R81.10, R81.20, R82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mobile Access Portal\u0027s File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of \u0027nobody\u0027-accessible directories on the Mobile Access gateway."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T14:45:43.182Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183137"
}
],
"title": "Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-52885",
"datePublished": "2025-08-06T14:45:43.182Z",
"dateReserved": "2024-11-17T08:00:07.201Z",
"dateUpdated": "2025-08-06T15:03:53.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2028 (GCVE-0-2025-2028)
Vulnerability from cvelistv5 – Published: 2025-08-06 14:44 – Updated: 2025-08-06 15:05
VLAI?
Summary
Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
Severity ?
6.5 (Medium)
CWE
- CWE-295 - Improper Certificate Validation.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Check Point Management Log Server |
Affected:
versions R81.10, R81.20, R82
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T15:05:10.377561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T15:05:22.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point Management Log Server",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "versions R81.10, R81.20, R82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T14:44:31.807Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183349"
}
],
"title": "Lack of TLS validation"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2025-2028",
"datePublished": "2025-08-06T14:44:31.807Z",
"dateReserved": "2025-03-06T08:12:54.608Z",
"dateUpdated": "2025-08-06T15:05:22.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24915 (GCVE-0-2024-24915)
Vulnerability from cvelistv5 – Published: 2025-06-29 12:02 – Updated: 2025-06-30 13:32
VLAI?
Summary
Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.
Severity ?
6.1 (Medium)
CWE
- CWE-316 - The product stores sensitive information in cleartext in memory.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Check Point SmartConsole |
Affected:
Check Point SmartConsole versions R81.10, R81.20, R82
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:14:08.984786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:32:15.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point SmartConsole",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point SmartConsole versions R81.10, R81.20, R82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "The product stores sensitive information in cleartext in memory.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-29T12:02:41.126Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183545"
}
],
"title": "SmartConsole Sensitive Credential Exposure via Memory Dump"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24915",
"datePublished": "2025-06-29T12:02:41.126Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2025-06-30T13:32:15.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24916 (GCVE-0-2024-24916)
Vulnerability from cvelistv5 – Published: 2025-06-19 13:17 – Updated: 2025-06-20 13:11
VLAI?
Summary
Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
Severity ?
6.5 (Medium)
CWE
- CWE-427 - The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Check Point SmartConsole |
Affected:
Check Point SmartConsole versions R81.10, R81.20
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T13:06:34.598794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:11:11.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point SmartConsole",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point SmartConsole versions R81.10, R81.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted DLLs in the installer\u0027s directory may be loaded and executed, leading to potentially arbitrary code execution with the installer\u0027s privileges (admin)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T13:17:39.651Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183342"
}
],
"title": "DLL-HiJacking"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24916",
"datePublished": "2025-06-19T13:17:39.651Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2025-06-20T13:11:11.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52888 (GCVE-0-2024-52888)
Vulnerability from cvelistv5 – Published: 2025-04-27 07:46 – Updated: 2025-04-28 16:31
VLAI?
Summary
For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Check Point Mobile Access |
Affected:
Check Point Mobile Access versions R81.10, R81.20, R82
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T15:48:42.433559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:31:15.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point Mobile Access",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Mobile Access versions R81.10, R81.20, R82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "For an authenticated end-user the portal may run a script while attempting to display a directory or some file\u0027s properties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T07:46:53.542Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183055"
}
],
"title": "Stored-XSS"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-52888",
"datePublished": "2025-04-27T07:46:53.542Z",
"dateReserved": "2024-11-17T08:00:07.201Z",
"dateUpdated": "2025-04-28T16:31:15.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52887 (GCVE-0-2024-52887)
Vulnerability from cvelistv5 – Published: 2025-04-27 07:46 – Updated: 2025-04-28 16:31
VLAI?
Summary
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Check Point Mobile Access |
Affected:
Check Point Mobile Access versions R81.10, R81.20, R82
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T15:49:03.217887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:31:21.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Check Point Mobile Access",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Mobile Access versions R81.10, R81.20, R82"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T07:46:23.027Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183054"
}
],
"title": "Self-XSS"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-52887",
"datePublished": "2025-04-27T07:46:23.027Z",
"dateReserved": "2024-11-17T08:00:07.201Z",
"dateUpdated": "2025-04-28T16:31:21.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24911 (GCVE-0-2024-24911)
Vulnerability from cvelistv5 – Published: 2025-02-06 13:46 – Updated: 2025-02-06 14:11
VLAI?
Summary
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Multi-Domain Security Management, Quantum Security Management |
Affected:
Quantum Security Management R81 (EOS), R81.10, R81.20
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T14:11:40.331277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:11:48.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Multi-Domain Security Management, Quantum Security Management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Quantum Security Management R81 (EOS), R81.10, R81.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway\u0027s CRL cache."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T13:46:11.824Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk183101"
}
],
"title": "Out of Bounds read in the CPCA process on Check Point Management Server"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24911",
"datePublished": "2025-02-06T13:46:11.824Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2025-02-06T14:11:48.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24914 (GCVE-0-2024-24914)
Vulnerability from cvelistv5 – Published: 2024-11-07 11:25 – Updated: 2024-11-07 17:33
VLAI?
Summary
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
Severity ?
CWE
- CWE-914 - Improper Control of Dynamically-Identified Variables
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management |
Affected:
Check Point Quantum Gateways versions R81, R81.10, R81.20
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:checkpoint:clusterxl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clusterxl",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:multi-domain_management:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "multi-domain_management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_appliances:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_maestro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_maestro",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_scalable_chassis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_scalable_chassis",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_security_gateway",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_security_management:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_security_management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T16:56:57.795526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T17:33:31.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ClusterXL, Multi-Domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Quantum Gateways versions R81, R81.10, R81.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-914",
"description": "CWE-914: Improper Control of Dynamically-Identified Variables",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T11:25:53.238Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk182743"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24914",
"datePublished": "2024-11-07T11:25:53.238Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2024-11-07T17:33:31.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24919 (GCVE-0-2024-24919)
Vulnerability from cvelistv5 – Published: 2024-05-28 18:22 – Updated: 2025-10-21 23:05
VLAI?
Summary
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
Severity ?
8.6 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Check Point Quantum Gateway, Spark Gateway and CloudGuard Network |
Affected:
Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40 and Check Point Spark versions R81.10, R80.20.
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "quantum_security_gateway_firmware",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "quantum_security_gateway_firmware",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "quantum_security_gateway_firmware",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "quantum_security_gateway_firmware",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudguard_network",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudguard_network",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudguard_network",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:cloudguard_network:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudguard_network",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_spark_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_spark_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_spark_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:quantum_spark_appliances:r80.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quantum_spark_appliances",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "r80.40"
},
{
"status": "affected",
"version": "r81"
},
{
"status": "affected",
"version": "r81.10"
},
{
"status": "affected",
"version": "r81.20"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24919",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T04:00:11.841700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-05-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-24919"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:17.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.mnemonic.io/resources/blog/advisory-check-point-remote-access-vpn-vulnerability-cve-2024-24919/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-24919"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-30T00:00:00+00:00",
"value": "CVE-2024-24919 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:20.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk182336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Quantum Gateway, Spark Gateway and CloudGuard Network",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Check Point Quantum Gateway and CloudGuard Network versions R81.20, R81.10, R81, R80.40 and Check Point Spark versions R81.10, R80.20."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T12:40:21.757Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk182336"
}
],
"title": "Information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24919",
"datePublished": "2024-05-28T18:22:19.401Z",
"dateReserved": "2024-02-01T15:19:26.279Z",
"dateUpdated": "2025-10-21T23:05:17.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24912 (GCVE-0-2024-24912)
Vulnerability from cvelistv5 – Published: 2024-05-01 13:22 – Updated: 2024-08-01 23:36
VLAI?
Summary
A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.
Severity ?
6.7 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Harmony Endpoint Security Client for Windows |
Affected:
Harmony Endpoint Security Client for Windows versions E88.10 and below
|
Credits
Kolja Grassmann (Cirosec GmbH)
Alain Rödel (Neodyme)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:checkpoint:harmony_endpoint:e83:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "harmony_endpoint",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "e88.10"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T17:15:29.343054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:34.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:20.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk182244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Harmony Endpoint Security Client for Windows",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "Harmony Endpoint Security Client for Windows versions E88.10 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kolja Grassmann (Cirosec GmbH)"
},
{
"lang": "en",
"type": "finder",
"value": "Alain R\u00f6del (Neodyme)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T13:22:48.486Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk182244"
}
],
"title": "Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24912",
"datePublished": "2024-05-01T13:22:48.486Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2024-08-01T23:36:20.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24910 (GCVE-0-2024-24910)
Vulnerability from cvelistv5 – Published: 2024-04-18 17:35 – Updated: 2025-09-29 12:30
VLAI?
Summary
A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.
Severity ?
7.3 (High)
CWE
- CWE-732 - IncorrectPermissionAssignmentforCriticalResource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | ZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,IdentityAgentforWindowsTerminalServer |
Affected:
ZoneAlarmExtremeSecurityNextGen-versionslowerthan4.2.7,IdentityAgentforWindows-versionslowerthanR81.070.0000,IdentityAgentforWindowsTerminalServer-versionslowerthanR81.070.0000
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:checkpoint:identity_agent:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "identity_agent",
"vendor": "checkpoint",
"versions": [
{
"lessThan": "R81.070.0000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:checkpoint:zonealarm_extreme_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zonealarm_extreme_security",
"vendor": "checkpoint",
"versions": [
{
"lessThan": "4.2.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T19:46:15.022279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:02.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:20.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk182219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,IdentityAgentforWindowsTerminalServer",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "ZoneAlarmExtremeSecurityNextGen-versionslowerthan4.2.7,IdentityAgentforWindows-versionslowerthanR81.070.0000,IdentityAgentforWindowsTerminalServer-versionslowerthanR81.070.0000"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732:IncorrectPermissionAssignmentforCriticalResource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T12:30:45.141Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk182219"
}
],
"title": "LocalprivilegeescalationinCheckPointZoneAlarmExtremeSecurityNextGen,IdentityAgentforWindows,andIdentityAgentforWindowsTerminalServerviacraftedDLLfile"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2024-24910",
"datePublished": "2024-04-18T17:35:42.688Z",
"dateReserved": "2024-02-01T15:19:26.278Z",
"dateUpdated": "2025-09-29T12:30:45.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28134 (GCVE-0-2023-28134)
Vulnerability from cvelistv5 – Published: 2023-11-12 22:36 – Updated: 2024-09-03 18:31
VLAI?
Summary
Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| checkpoint | Harmony Endpoint. |
Affected:
E84.x (EOL), E85.x (EOL), E86.x, E87.x before E81.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk181597"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T18:29:08.779971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:31:14.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Harmony Endpoint.",
"vendor": "checkpoint",
"versions": [
{
"status": "affected",
"version": "E84.x (EOL), E85.x (EOL), E86.x, E87.x before E81.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-12T22:36:19.549Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk181597"
}
],
"title": "Local Privliege Escalation in Check Point Endpoint Security Remediation Service"
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2023-28134",
"datePublished": "2023-11-12T22:36:19.549Z",
"dateReserved": "2023-03-10T21:20:19.555Z",
"dateUpdated": "2024-09-03T18:31:14.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28130 (GCVE-0-2023-28130)
Vulnerability from cvelistv5 – Published: 2023-07-26 10:57 – Updated: 2025-02-13 16:45
VLAI?
Summary
Local user may lead to privilege escalation using Gaia Portal hostnames page.
Severity ?
7.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Quantum Appliances, Quantum Security Gateways |
Affected:
R81.20 before take 14, R81.10 before take 95, R81 before take 82 R80.40 before take 198
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk181311"
},
{
"tags": [
"x_transferred"
],
"url": "https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/43"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gaia_portal",
"vendor": "checkpoint",
"versions": [
{
"lessThan": "take14",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "take82",
"status": "affected",
"version": "r81.10",
"versionType": "custom"
},
{
"lessThan": "take198",
"status": "affected",
"version": "r80.40",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28130",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T03:55:42.786958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:37:14.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Quantum Appliances, Quantum Security Gateways",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "R81.20 before take 14, R81.10 before take 95, R81 before take 82 R80.40 before take 198"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local user may lead to privilege escalation using Gaia Portal hostnames page."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T11:06:16.396Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk181311"
},
{
"url": "https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/43"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/4"
},
{
"url": "http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2023-28130",
"datePublished": "2023-07-26T10:57:02.708Z",
"dateReserved": "2023-03-10T21:20:19.555Z",
"dateUpdated": "2025-02-13T16:45:40.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28133 (GCVE-0-2023-28133)
Vulnerability from cvelistv5 – Published: 2023-07-23 09:07 – Updated: 2024-10-24 15:52
VLAI?
Summary
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file
Severity ?
No CVSS data available.
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Harmony Endpoint. |
Affected:
E87.x before E81.31
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.checkpoint.com/results/sk/sk181276"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T15:52:41.369872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T15:52:50.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Harmony Endpoint.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "E87.x before E81.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-23T11:16:41.704Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://support.checkpoint.com/results/sk/sk181276"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2023-28133",
"datePublished": "2023-07-23T09:07:35.383Z",
"dateReserved": "2023-03-10T21:20:19.555Z",
"dateUpdated": "2024-10-24T15:52:50.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28131 (GCVE-0-2023-28131)
Vulnerability from cvelistv5 – Published: 2023-04-24 00:00 – Updated: 2025-02-04 16:33
VLAI?
Summary
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).
Severity ?
9.6 (Critical)
CWE
- The use of AuthSession modules’s useProxy in Expo below SDK 48 may allow OAuth hijacking, which leads to credentials theft and Account Takeover.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Expo.io | Expo AuthSession module |
Affected:
All versions prior to SDK 48.* (Affected SDK 45.*, 46.* and 47.*)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.expo.dev/security-advisory-for-developers-using-authsessions-useproxy-options-and-auth-expo-io-e470fe9346df"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:33:49.057475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T16:33:56.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Expo AuthSession module",
"vendor": "Expo.io",
"versions": [
{
"status": "affected",
"version": "All versions prior to SDK 48.* (Affected SDK 45.*, 46.* and 47.*)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the \"Expo AuthSession Redirect Proxy\" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The use of AuthSession modules\u2019s useProxy in Expo below SDK 48 may allow OAuth hijacking, which leads to credentials theft and Account Takeover.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-25T00:00:00.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://blog.expo.dev/security-advisory-for-developers-using-authsessions-useproxy-options-and-auth-expo-io-e470fe9346df"
},
{
"url": "https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2023-28131",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-02-04T16:33:56.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23746 (GCVE-0-2022-23746)
Vulnerability from cvelistv5 – Published: 2022-11-30 00:00 – Updated: 2025-04-25 14:31
VLAI?
Summary
The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.
Severity ?
7.5 (High)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Gateway & Management, IPsec VPN blade SNX portal. |
Affected:
R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk180271"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T14:31:35.502955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:31:53.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Gateway \u0026 Management, IPsec VPN blade SNX portal.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "R81.10 before take 79, R81 before take 77, R80.40 before take 180, R80.30 before take 255, R80.20 before 230"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-01T00:00:00.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk180271"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23746",
"datePublished": "2022-11-30T00:00:00.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-25T14:31:53.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23748 (GCVE-0-2022-23748)
Vulnerability from cvelistv5 – Published: 2022-11-17 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
Severity ?
7.8 (High)
CWE
- CWE-114 - Process Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Audinate Dante Application Library for Windows |
Affected:
All versions prior to and including 1.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/%2C"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23748",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T17:19:39.559883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-02-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23748"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:31.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23748"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-06T00:00:00+00:00",
"value": "CVE-2022-23748 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Audinate Dante Application Library for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114: Process Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-14T00:00:00.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/%2C"
},
{
"url": "https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23748",
"datePublished": "2022-11-17T00:00:00.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:31.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23747 (GCVE-0-2022-23747)
Vulnerability from cvelistv5 – Published: 2022-08-17 20:52 – Updated: 2024-08-03 03:51
VLAI?
Summary
In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Sony Xperia |
Affected:
series 1, 5, and Pro
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2191/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sony Xperia",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "series 1, 5, and Pro"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T20:52:26",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2191/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2022-23747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sony Xperia",
"version": {
"version_data": [
{
"version_value": "series 1, 5, and Pro"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cpr-zero.checkpoint.com/vulns/cprid-2191/",
"refsource": "MISC",
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2191/"
},
{
"name": "https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23747",
"datePublished": "2022-08-17T20:52:26",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:46.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23745 (GCVE-0-2022-23745)
Vulnerability from cvelistv5 – Published: 2022-07-18 16:09 – Updated: 2024-08-03 03:51
VLAI?
Summary
A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-1218 - Memory Buffer Errors
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Checkpoint Harmony Capsule Workspace |
Affected:
before 8.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Checkpoint Harmony Capsule Workspace",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 8.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1218",
"description": "CWE-1218: Memory Buffer Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-18T16:09:00",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2022-23745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Checkpoint Harmony Capsule Workspace",
"version": {
"version_data": [
{
"version_value": "before 8.2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1218: Memory Buffer Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179646",
"refsource": "MISC",
"url": "https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23745",
"datePublished": "2022-07-18T16:09:20",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23744 (GCVE-0-2022-23744)
Vulnerability from cvelistv5 – Published: 2022-07-07 15:51 – Updated: 2024-08-03 03:51
VLAI?
Summary
Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator.
Severity ?
No CVSS data available.
CWE
- CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Enterprise Endpoint Security Windows Clients. |
Affected:
before E86.50
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Enterprise Endpoint Security Windows Clients.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before E86.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-08T17:07:36",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2022-23744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Enterprise Endpoint Security Windows Clients.",
"version": {
"version_data": [
{
"version_value": "before E86.50"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179609",
"refsource": "MISC",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23744",
"datePublished": "2022-07-07T15:51:44",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23742 (GCVE-0-2022-23742)
Vulnerability from cvelistv5 – Published: 2022-05-12 19:23 – Updated: 2024-08-03 03:51
VLAI?
Summary
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.
Severity ?
No CVSS data available.
CWE
- CWE-65 - Windows Hard Link
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Check Point Endpoint Security Client for Windows |
Affected:
before E86.40
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk178665%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk179132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Endpoint Security Client for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before E86.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-65",
"description": "CWE-65: Windows Hard Link",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:23:18",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk178665%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk179132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2022-23742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Endpoint Security Client for Windows",
"version": {
"version_data": [
{
"version_value": "before E86.40"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-65: Windows Hard Link"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcontent.checkpoint.com/solutions?id=sk178665,",
"refsource": "MISC",
"url": "https://supportcontent.checkpoint.com/solutions?id=sk178665,"
},
{
"name": "https://supportcontent.checkpoint.com/solutions?id=sk179132",
"refsource": "MISC",
"url": "https://supportcontent.checkpoint.com/solutions?id=sk179132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23742",
"datePublished": "2022-05-12T19:23:18",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:46.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30361 (GCVE-0-2021-30361)
Vulnerability from cvelistv5 – Published: 2022-05-11 16:42 – Updated: 2024-08-03 22:32
VLAI?
Summary
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.
Severity ?
No CVSS data available.
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Check Point Gaia Portal |
Affected:
before Jumbo HFAs released 13-Apr-2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Gaia Portal",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before Jumbo HFAs released 13-Apr-2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:42:52",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2021-30361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Gaia Portal",
"version": {
"version_data": [
{
"version_value": "before Jumbo HFAs released 13-Apr-2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcontent.checkpoint.com/solutions?id=sk179128",
"refsource": "MISC",
"url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2021-30361",
"datePublished": "2022-05-11T16:42:52",
"dateReserved": "2021-04-07T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23743 (GCVE-0-2022-23743)
Vulnerability from cvelistv5 – Published: 2022-05-11 00:00 – Updated: 2024-08-03 03:51
VLAI?
Summary
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119
Severity ?
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ZoneAlarm. |
Affected:
before v15.8.211.192119
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zonealarm.com/software/extreme-security/release-history"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZoneAlarm.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before v15.8.211.192119"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\\CheckPoint\\ZoneAlarm\\Data\\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-30T00:00:00",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"url": "https://www.zonealarm.com/software/extreme-security/release-history"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2022-23743",
"datePublished": "2022-05-11T00:00:00",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30360 (GCVE-0-2021-30360)
Vulnerability from cvelistv5 – Published: 2022-01-07 22:39 – Updated: 2024-08-03 22:32
VLAI?
Summary
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
Severity ?
No CVSS data available.
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Check Point Remote Access Client |
Affected:
before E86.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk176853"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0001/MNDT-2022-0001.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Remote Access Client",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before E86.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T14:44:12",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk176853"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0001/MNDT-2022-0001.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2021-30360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Remote Access Client",
"version": {
"version_data": [
{
"version_value": "before E86.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcontent.checkpoint.com/solutions?id=sk176853",
"refsource": "MISC",
"url": "https://supportcontent.checkpoint.com/solutions?id=sk176853"
},
{
"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0001/MNDT-2022-0001.md",
"refsource": "MISC",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0001/MNDT-2022-0001.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2021-30360",
"datePublished": "2022-01-07T22:39:56",
"dateReserved": "2021-04-07T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30359 (GCVE-0-2021-30359)
Vulnerability from cvelistv5 – Published: 2021-10-22 13:32 – Updated: 2024-08-03 22:32
VLAI?
Summary
The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.
Severity ?
No CVSS data available.
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Check Point Harmony Browse and SandBlast Agent for Browsers |
Affected:
before 90.08.7405
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk175968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0007/MNDT-2021-0007.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Harmony Browse and SandBlast Agent for Browsers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 90.08.7405"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-22T15:47:05",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk175968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0007/MNDT-2021-0007.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2021-30359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Harmony Browse and SandBlast Agent for Browsers",
"version": {
"version_data": [
{
"version_value": "before 90.08.7405"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcontent.checkpoint.com/solutions?id=sk175968",
"refsource": "MISC",
"url": "https://supportcontent.checkpoint.com/solutions?id=sk175968"
},
{
"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0007/MNDT-2021-0007.md",
"refsource": "MISC",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0007/MNDT-2021-0007.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2021-30359",
"datePublished": "2021-10-22T13:32:54",
"dateReserved": "2021-04-07T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30358 (GCVE-0-2021-30358)
Vulnerability from cvelistv5 – Published: 2021-10-19 13:32 – Updated: 2024-08-03 22:32
VLAI?
Summary
Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.
Severity ?
No CVSS data available.
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Check Point Mobile Access Portal Agent |
Affected:
before build 800007042
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk142952"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk175806"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point Mobile Access Portal Agent",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before build 800007042"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mobile Access Portal Native Applications who\u0027s path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T13:34:09",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk142952"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk175806"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2021-30358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point Mobile Access Portal Agent",
"version": {
"version_data": [
{
"version_value": "before build 800007042"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mobile Access Portal Native Applications who\u0027s path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcontent.checkpoint.com/solutions?id=sk142952",
"refsource": "MISC",
"url": "https://supportcontent.checkpoint.com/solutions?id=sk142952"
},
{
"name": "https://supportcontent.checkpoint.com/solutions?id=sk175806",
"refsource": "MISC",
"url": "https://supportcontent.checkpoint.com/solutions?id=sk175806"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2021-30358",
"datePublished": "2021-10-19T13:32:46",
"dateReserved": "2021-04-07T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30355 (GCVE-0-2021-30355)
Vulnerability from cvelistv5 – Published: 2021-09-01 18:04 – Updated: 2024-08-03 22:32
VLAI?
Summary
Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.
Severity ?
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Amazon Kindle e-reader |
Affected:
All versions prior to and including 5.13.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.checkpoint.com/2021/i-can-take-over-your-kindle/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Amazon Kindle e-reader",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 5.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-01T18:04:18",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.checkpoint.com/2021/i-can-take-over-your-kindle/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2021-30355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Amazon Kindle e-reader",
"version": {
"version_data": [
{
"version_value": "All versions prior to and including 5.13.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.checkpoint.com/2021/i-can-take-over-your-kindle/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/2021/i-can-take-over-your-kindle/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2021-30355",
"datePublished": "2021-09-01T18:04:18",
"dateReserved": "2021-04-07T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30354 (GCVE-0-2021-30354)
Vulnerability from cvelistv5 – Published: 2021-09-01 17:43 – Updated: 2024-08-03 22:32
VLAI?
Summary
Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book.
Severity ?
No CVSS data available.
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Amazon Kindle e-reader |
Affected:
All versions prior to and including 5.13.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.checkpoint.com/2021/i-can-take-over-your-kindle/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Amazon Kindle e-reader",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to and including 5.13.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-01T17:43:38",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.checkpoint.com/2021/i-can-take-over-your-kindle/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2021-30354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Amazon Kindle e-reader",
"version": {
"version_data": [
{
"version_value": "All versions prior to and including 5.13.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results in a memory corruption that leads to code execution when parsing a crafted PDF book."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.checkpoint.com/2021/i-can-take-over-your-kindle/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/2021/i-can-take-over-your-kindle/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2021-30354",
"datePublished": "2021-09-01T17:43:38",
"dateReserved": "2021-04-07T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30357 (GCVE-0-2021-30357)
Vulnerability from cvelistv5 – Published: 2021-06-08 13:31 – Updated: 2024-08-03 22:32
VLAI?
Summary
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.
Severity ?
No CVSS data available.
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | SSL Network Extender Client for Linux |
Affected:
before build 800008302
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:40.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk173513"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SSL Network Extender Client for Linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before build 800008302"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T13:31:53",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportcontent.checkpoint.com/solutions?id=sk173513"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2021-30357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SSL Network Extender Client for Linux",
"version": {
"version_data": [
{
"version_value": "before build 800008302"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209: Generation of Error Message Containing Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportcontent.checkpoint.com/solutions?id=sk173513",
"refsource": "MISC",
"url": "https://supportcontent.checkpoint.com/solutions?id=sk173513"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2021-30357",
"datePublished": "2021-06-08T13:31:53",
"dateReserved": "2021-04-07T00:00:00",
"dateUpdated": "2024-08-03T22:32:40.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}