PT-2022-10015 · Check Point · Check Point Remote Access Client

Ronnie Salomonsen

Published

2022-01-07

Updated

2022-01-14

CVE-2021-30360

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Check Point Remote Access Client (affected versions not specified)

Description The issue allows regular users to initiate the installation repair of the Check Point Remote Access Client, potentially enabling an attacker to place a specially crafted EXE in the repair folder. This EXE would run with the privileges of the Check Point Remote Access Client.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2021-30360

Affected Products

Check Point Remote Access Client

PT-2022-10015 · Check Point · Check Point Remote Access Client

CVE-2021-30360

Weakness Enumeration

Related Identifiers

Affected Products

References · 4