CVE-2021-30357

🗓️ 08 Jun 2021 13:31:53Reported by checkpointType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 114 Views🌐 WEB

SSL Network Extender Client for Linux before build 800008302 partially discloses configuration file contents, allowing access to unauthorized files

Reporter	Title	Published	Views	Family All 10
GithubExploit	Exploit for Generation of Error Message Containing Sensitive Information in Checkpoint Ssl_Network_Extender	18 Jun 202321:52	–	githubexploit
Circl	CVE-2021-30357	20 Jun 202311:01	–	circl
CNNVD	Arch Linux安全漏洞	8 Jun 202100:00	–	cnnvd
CheckPoint Security	Check Point Response to CVE-2021-30357 - partial information disclosure in SNX client for Linux before build 800008302	19 May 202100:00	–	checkpoint_security
Cvelist	CVE-2021-30357	8 Jun 202113:31	–	cvelist
NVD	CVE-2021-30357	8 Jun 202114:15	–	nvd
OSV	CVE-2021-30357	8 Jun 202114:15	–	osv
Prion	Design/Logic Flaw	8 Jun 202114:15	–	prion
Positive Technologies	PT-2021-18719 · Unknown · Ssl Network Extender Client	8 Jun 202100:00	–	ptsecurity
RedhatCVE	CVE-2021-30357	22 May 202519:39	–	redhatcve

NVD

Node

checkpoint ssl_network_extenderMatchr80.10linux

checkpoint ssl_network_extenderMatchr80.20linux

checkpoint ssl_network_extenderMatchr80.30linux

checkpoint ssl_network_extenderMatchr80.40linux

checkpoint ssl_network_extenderMatchr81linux

[
  {
    "product": "SSL Network Extender Client for Linux",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before build 800008302"
      }
    ]
  }
]

Source	Link
supportcontent	www.supportcontent.checkpoint.com/solutions

Parameter	Position	Path	Description	CWE
-f	path	/usr/bin/snx	Arbitrary file read via SNX VPN Linux client when invoked with -f to load a file (e.g., /etc/shadow) leveraging the binary running with elevated privileges.	CWE-209

21 Nov 2024 06:03Current

5.2Medium risk

Vulners AI Score5.2

CVSS 25

CVSS 3.15.3

EPSS0.29976

CWE-209