CVE-2023-28130
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.4%
Local user may lead to privilege escalation using Gaia Portal hostnames page.
Affected configurations
CNA Affected
[
{
"product": "Quantum Appliances, Quantum Security Gateways",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "R81.20 before take 14, R81.10 before take 95, R81 before take 82 R80.40 before take 198"
}
]
}
]References
packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html
seclists.org/fulldisclosure/2023/Aug/4
seclists.org/fulldisclosure/2023/Jul/43
pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/
support.checkpoint.com/results/sk/sk181311
Related
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.4%