cvelistv5 - cve-2021-30361

CVE-2021-30361 (GCVE-0-2021-30361)

Vulnerability from cvelistv5 – Published: 2022-05-11 16:42 – Updated: 2024-08-03 22:32

Summary

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.

Severity ?

No CVSS data available.

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

checkpoint

References

URL

Tags

https://supportcontent.checkpoint.com/solutions?i…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Check Point Gaia Portal	Affected: before Jumbo HFAs released 13-Apr-2022

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:32:41.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Check Point Gaia Portal",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before Jumbo HFAs released 13-Apr-2022"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-11T16:42:52",
        "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "shortName": "checkpoint"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@checkpoint.com",
          "ID": "CVE-2021-30361",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Check Point Gaia Portal",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before Jumbo HFAs released 13-Apr-2022"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://supportcontent.checkpoint.com/solutions?id=sk179128",
              "refsource": "MISC",
              "url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
    "assignerShortName": "checkpoint",
    "cveId": "CVE-2021-30361",
    "datePublished": "2022-05-11T16:42:52",
    "dateReserved": "2021-04-07T00:00:00",
    "dateUpdated": "2024-08-03T22:32:41.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2022-04-13\", \"matchCriteriaId\": \"3426C04E-947F-411F-87FA-0BC1316AFE72\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51E8827B-8B83-487D-A7EE-26F8A0702F1E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08601413-25E2-4977-B67A-C11A9D788EA8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51E8827B-8B83-487D-A7EE-26F8A0702F1E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9016DDF6-285C-4E64-88D0-29ECCEF048F8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.\"}, {\"lang\": \"es\", \"value\": \"Los Clientes GUI del Portal Gaia de Check Point permit\\u00edan a administradores autenticados con permiso para la configuraci\\u00f3n de los Clientes GUI inyectar un comando que ser\\u00eda ejecutado en el Sistema Operativo Gaia\"}]",
      "id": "CVE-2021-30361",
      "lastModified": "2024-11-21T06:03:56.933",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-05-11T17:15:08.833",
      "references": "[{\"url\": \"https://supportcontent.checkpoint.com/solutions?id=sk179128\", \"source\": \"cve@checkpoint.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://supportcontent.checkpoint.com/solutions?id=sk179128\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@checkpoint.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve@checkpoint.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-30361\",\"sourceIdentifier\":\"cve@checkpoint.com\",\"published\":\"2022-05-11T17:15:08.833\",\"lastModified\":\"2024-11-21T06:03:56.933\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.\"},{\"lang\":\"es\",\"value\":\"Los Clientes GUI del Portal Gaia de Check Point permit\u00edan a administradores autenticados con permiso para la configuraci\u00f3n de los Clientes GUI inyectar un comando que ser\u00eda ejecutado en el Sistema Operativo Gaia\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve@checkpoint.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2022-04-13\",\"matchCriteriaId\":\"3426C04E-947F-411F-87FA-0BC1316AFE72\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51E8827B-8B83-487D-A7EE-26F8A0702F1E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08601413-25E2-4977-B67A-C11A9D788EA8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51E8827B-8B83-487D-A7EE-26F8A0702F1E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9016DDF6-285C-4E64-88D0-29ECCEF048F8\"}]}]}],\"references\":[{\"url\":\"https://supportcontent.checkpoint.com/solutions?id=sk179128\",\"source\":\"cve@checkpoint.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://supportcontent.checkpoint.com/solutions?id=sk179128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-458

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Check Point. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Check Point	N/A	Jumbo Hotfix Accumulator versions R80.30 sans le correctif de sécurité 251
Check Point	N/A	Jumbo Hotfix Accumulator versions R80.40 sans le correctif de sécurité 150
Check Point	N/A	Enterprise Endpoint Security (clients Windows) versions antérieures à E86.40
Check Point	N/A	Jumbo Hotfix Accumulator versions R80.20 sans le correctif de sécurité 298
Check Point	N/A	Jumbo Hotfix Accumulator versions R81 sans le correctif de sécurité 60
Check Point	N/A	Jumbo Hotfix Accumulator versions R81.10 sans le correctif de sécurité 22

References

Title

Publication Time

Tags

Bulletin de sécurité Check Point du 11 mai 2022	None	vendor-advisory
Bulletin de sécurité Check Point du 10 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jumbo Hotfix Accumulator versions R80.30 sans le correctif de s\u00e9curit\u00e9 251",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Jumbo Hotfix Accumulator versions R80.40 sans le correctif de s\u00e9curit\u00e9 150",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Enterprise Endpoint Security (clients Windows) versions ant\u00e9rieures \u00e0 E86.40",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Jumbo Hotfix Accumulator versions R80.20 sans le correctif de s\u00e9curit\u00e9 298",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Jumbo Hotfix Accumulator versions R81 sans le correctif de s\u00e9curit\u00e9 60",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Jumbo Hotfix Accumulator versions R81.10 sans le correctif de s\u00e9curit\u00e9 22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-23742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23742"
    },
    {
      "name": "CVE-2021-30361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30361"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-458",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Check\nPoint. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Check Point",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Check Point du 11 mai 2022",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179132\u0026src=securityAlerts"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Check Point du 10 mai 2022",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179128\u0026src=securityAlerts"
    }
  ]
}

CERTFR-2022-AVI-458

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Check Point. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Check Point	N/A	Jumbo Hotfix Accumulator versions R80.30 sans le correctif de sécurité 251
Check Point	N/A	Jumbo Hotfix Accumulator versions R80.40 sans le correctif de sécurité 150
Check Point	N/A	Enterprise Endpoint Security (clients Windows) versions antérieures à E86.40
Check Point	N/A	Jumbo Hotfix Accumulator versions R80.20 sans le correctif de sécurité 298
Check Point	N/A	Jumbo Hotfix Accumulator versions R81 sans le correctif de sécurité 60
Check Point	N/A	Jumbo Hotfix Accumulator versions R81.10 sans le correctif de sécurité 22

References

Title

Publication Time

Tags

Bulletin de sécurité Check Point du 11 mai 2022	None	vendor-advisory
Bulletin de sécurité Check Point du 10 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jumbo Hotfix Accumulator versions R80.30 sans le correctif de s\u00e9curit\u00e9 251",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Jumbo Hotfix Accumulator versions R80.40 sans le correctif de s\u00e9curit\u00e9 150",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Enterprise Endpoint Security (clients Windows) versions ant\u00e9rieures \u00e0 E86.40",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Jumbo Hotfix Accumulator versions R80.20 sans le correctif de s\u00e9curit\u00e9 298",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Jumbo Hotfix Accumulator versions R81 sans le correctif de s\u00e9curit\u00e9 60",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Jumbo Hotfix Accumulator versions R81.10 sans le correctif de s\u00e9curit\u00e9 22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-23742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23742"
    },
    {
      "name": "CVE-2021-30361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30361"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-458",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Check\nPoint. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Check Point",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Check Point du 11 mai 2022",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179132\u0026src=securityAlerts"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Check Point du 10 mai 2022",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk179128\u0026src=securityAlerts"
    }
  ]
}

GSD-2021-30361

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.

Aliases

CVE-2021-30361

Aliases

CVE-2021-30361

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-30361",
    "description": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.",
    "id": "GSD-2021-30361"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-30361"
      ],
      "details": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.",
      "id": "GSD-2021-30361",
      "modified": "2023-12-13T01:23:31.191378Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@checkpoint.com",
        "ID": "CVE-2021-30361",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Check Point Gaia Portal",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before Jumbo HFAs released 13-Apr-2022"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://supportcontent.checkpoint.com/solutions?id=sk179128",
            "refsource": "MISC",
            "url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022-04-13",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@checkpoint.com",
          "ID": "CVE-2021-30361"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://supportcontent.checkpoint.com/solutions?id=sk179128",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-05-25T14:20Z",
      "publishedDate": "2022-05-11T17:15Z"
    }
  }
}

GHSA-XXRJ-3Q2M-W65M

Vulnerability from github – Published: 2022-05-12 00:01 – Updated: 2022-05-26 00:01

Details

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.

Severity ?

6.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-30361"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-11T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.",
  "id": "GHSA-xxrj-3q2m-w65m",
  "modified": "2022-05-26T00:01:26Z",
  "published": "2022-05-12T00:01:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30361"
    },
    {
      "type": "WEB",
      "url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2021-30361

Vulnerability from fkie_nvd - Published: 2022-05-11 17:15 - Updated: 2024-11-21 06:03

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.

References

	URL	Tags
	cve@checkpoint.com	https://supportcontent.checkpoint.com/solutions?id=sk179128	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://supportcontent.checkpoint.com/solutions?id=sk179128	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
checkpoint	gaia_portal	*
checkpoint	gaia_os	-
checkpoint	quantum_security_management	-
checkpoint	gaia_os	-
checkpoint	quantum_security_gateway	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3426C04E-947F-411F-87FA-0BC1316AFE72",
              "versionEndExcluding": "2022-04-13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E8827B-8B83-487D-A7EE-26F8A0702F1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08601413-25E2-4977-B67A-C11A9D788EA8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E8827B-8B83-487D-A7EE-26F8A0702F1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9016DDF6-285C-4E64-88D0-29ECCEF048F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS."
    },
    {
      "lang": "es",
      "value": "Los Clientes GUI del Portal Gaia de Check Point permit\u00edan a administradores autenticados con permiso para la configuraci\u00f3n de los Clientes GUI inyectar un comando que ser\u00eda ejecutado en el Sistema Operativo Gaia"
    }
  ],
  "id": "CVE-2021-30361",
  "lastModified": "2024-11-21T06:03:56.933",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-11T17:15:08.833",
  "references": [
    {
      "source": "cve@checkpoint.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
    }
  ],
  "sourceIdentifier": "cve@checkpoint.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "cve@checkpoint.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202205-0752

Vulnerability from variot - Updated: 2023-12-18 13:22

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0752",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gaia os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": null
      },
      {
        "model": "gaia portal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "checkpoint",
        "version": "2022-04-13"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30361"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022-04-13",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:checkpoint:gaia_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30361"
      }
    ]
  },
  "cve": "CVE-2021-30361",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-390039",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-30361",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-2954",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-390039",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390039"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2954"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Check Point Gaia Portal\u0027s GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30361"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390039"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30361"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-30361",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2954",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-390039",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30361",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390039"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30361"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2954"
      }
    ]
  },
  "id": "VAR-202205-0752",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390039"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:22:24.211000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Check Point Gaia Portal Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194055"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2954"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390039"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30361"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://supportcontent.checkpoint.com/solutions?id=sk179128"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2021-30361/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/check-point-gaia-code-execution-via-portal-38331"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390039"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30361"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2954"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-390039"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30361"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2954"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390039"
      },
      {
        "date": "2022-05-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30361"
      },
      {
        "date": "2022-05-11T17:15:08.833000",
        "db": "NVD",
        "id": "CVE-2021-30361"
      },
      {
        "date": "2022-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-2954"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390039"
      },
      {
        "date": "2022-05-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30361"
      },
      {
        "date": "2022-05-25T14:20:02.910000",
        "db": "NVD",
        "id": "CVE-2021-30361"
      },
      {
        "date": "2022-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-2954"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2954"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Check Point Gaia Portal Operating system command injection vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2954"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2954"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-30361 (GCVE-0-2021-30361)

CERTFR-2022-AVI-458

Solution

CERTFR-2022-AVI-458

Solution

GSD-2021-30361

GHSA-XXRJ-3Q2M-W65M

FKIE_CVE-2021-30361

VAR-202205-0752

Tags

Sightings

Nomenclature