CVE-2021-30360

Summary

Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.

Affected Software

VendorProductVersion RangeStatus
n/aCheck Point Remote Access Clientbefore E86.20affected

Weaknesses

  • CWE-427: CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CVE Program Container

Additional References

References