CheckpointCVE-2023-28130CVE-2023-28130
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
42.6%
Local user may lead to privilege escalation using Gaia Portal hostnames page.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| checkpoint | gaia_portal | r80.40 | cpe:2.3:a:checkpoint:gaia_portal:r80.40:-:*:*:*:*:*:* |
| checkpoint | gaia_portal | r81 | cpe:2.3:a:checkpoint:gaia_portal:r81:-:*:*:*:*:*:* |
| checkpoint | gaia_portal | r81.10 | cpe:2.3:a:checkpoint:gaia_portal:r81.10:-:*:*:*:*:*:* |
| checkpoint | gaia_portal | r81.20 | cpe:2.3:a:checkpoint:gaia_portal:r81.20:-:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Quantum Appliances, Quantum Security Gateways",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "R81.20 before take 14, R81.10 before take 95, R81 before take 82 R80.40 before take 198"
}
]
}
]References
packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html
seclists.org/fulldisclosure/2023/Aug/4
seclists.org/fulldisclosure/2023/Jul/43
pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/
support.checkpoint.com/results/sk/sk181311
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
42.6%