CVE-2021-30360 Information

Description

Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://supportcontent.checkpoint.com/solutions?id=sk176853 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0001/MNDT-2022-0001.md

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8