CVE-2023-28130
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Local user may lead to privilege escalation using Gaia Portal hostnames page.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Quantum Appliances, Quantum Security Gateways | R81.20 before take 14, R81.10 before take 95, R81 before take 82 R80.40 before take 198 | affected |
Weaknesses
- CWE-20: CWE-20: Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
- https://support.checkpoint.com/results/sk/sk181311
- https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/
- http://seclists.org/fulldisclosure/2023/Jul/43
- http://seclists.org/fulldisclosure/2023/Aug/4
- http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://support.checkpoint.com/results/sk/sk181311
- https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/
- http://seclists.org/fulldisclosure/2023/Jul/43
- http://seclists.org/fulldisclosure/2023/Aug/4
- http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.