Local user may lead to privilege escalation using Gaia Portal hostnames page.
[
{
"cpes": [
"cpe:2.3:a:checkpoint:gaia_portal:*:*:*:*:*:*:*:*"
],
"vendor": "checkpoint",
"product": "gaia_portal",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "take14",
"versionType": "custom"
},
{
"status": "affected",
"version": "r81.10",
"lessThan": "take82",
"versionType": "custom"
},
{
"status": "affected",
"version": "r80.40",
"lessThan": "take198",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]
packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html
seclists.org/fulldisclosure/2023/Aug/4
seclists.org/fulldisclosure/2023/Jul/43
pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/
support.checkpoint.com/results/sk/sk181311