PT-2021-18721 · Check Point+1 · Check Point Harmony Browse+2

Ronnie Salomonsen

Published

2021-10-22

Updated

2021-10-27

CVE-2021-30359

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Check Point Harmony Browse and SandBlast Agent for Browsers versions prior to 90.08.7405

Description The issue arises because the MS Installer allows regular users to repair their installation. An attacker can exploit this by running an installer, starting the installation repair, and placing a specially crafted binary in the repair folder, which then runs with admin privileges.

Recommendations For versions prior to 90.08.7405, update to version 90.08.7405 or later to resolve the issue. As a temporary workaround, consider restricting access to the installation repair feature to minimize the risk of exploitation.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2021-30359

Affected Products

Check Point Harmony Browse

Ms Installer

Sandblast Agent For Browsers

PT-2021-18721 · Check Point+1 · Check Point Harmony Browse+2

CVE-2021-30359

Weakness Enumeration

Related Identifiers

Affected Products

References · 6