CVE-2021-30360 Vulnerability Details

  /     /     /  

CVE-2021-30360 Metadata Quick Info

CVE Published: 07/01/2022 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: checkpoint | Vendor: n/a | Product: Check Point Remote Access Client
Status : PUBLISHED

---

CVE-2021-30360 Description

Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-427
CWE Name: CWE-427: Uncontrolled Search Path Element
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).