Vulners
Lucene search
Check Point Gaia Operating System (sk185033)
| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
 | Exploit for Improper Authentication in Checkpoint Gaia_Os | 10 Jun 202614:40 | – | githubexploit |
| Exploit for Improper Authentication in Checkpoint Gaia_Os | 16 Jun 202611:08 | – | githubexploit |
| Exploit for Improper Authentication in Checkpoint Gaia_Os | 12 Jun 202614:25 | – | githubexploit |
| Exploit for Improper Authentication in Checkpoint Gaia_Os | 10 Jun 202614:16 | – | githubexploit |
 | CVE-2026-50751 | 8 Jun 202611:07 | – | attackerkb |
 | CVE-2026-50751 | 8 Jun 202607:24 | – | circl |
 | Check Point Security Gateway Improper Authentication Vulnerability | 8 Jun 202600:00 | – | cisa_kev |
 | CISA Adds Two Known Exploited Vulnerabilities to Catalog | 8 Jun 202612:00 | – | cisa |
 | Check Point Quantum Security Gateway 授权问题漏洞 | 8 Jun 202600:00 | – | cnnvd |
 | CVE-2026-50751 - User Authentication bypass on VPN Remote Access and Mobile Access in deprecated IKEv1 key exchange | 4 Jun 202600:00 | – | checkpoint_security |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(321197);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/16");
script_cve_id("CVE-2026-50751");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/06/11");
script_name(english:"Check Point Gaia Operating System (sk185033)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of Gaia Operating System installed on the remote host is prior to tested version. It is, therefore, affected
by a vulnerability as referenced in the sk185033 advisory.
- A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key
exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote
access VPN connection without a valid user password. (CVE-2026-50751)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://support.checkpoint.com/results/sk/sk185033");
script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-50751");
script_set_attribute(attribute:"exploited_by_nessus", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/08");
script_set_attribute(attribute:"patch_publication_date", value:"2026/06/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/16");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:check_point:gaia_os");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Firewalls");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("check_point_gaia_os_version.nbin");
script_require_keys("Host/Check_Point/version", "Host/Check_Point/installed_hotfixes", "Settings/ParanoidReport");
exit(0);
}
if (report_paranoia < 2) audit(AUDIT_PARANOID);
var app_name = 'Gaia Operating System';
var version = get_kb_item_or_exit('Host/Check_Point/version');
var hfs = get_kb_item_or_exit('Host/Check_Point/installed_hotfixes');
var vuln = FALSE;
if ((version == 'R80.20') || (version == 'R80.40') ||
(version == 'R81') || (version == 'R81.10') || (version == 'R81.20') ||
(version == 'R82') || (version == 'R82.00') || (version == 'R82.10')
)
{
if ('sk185033' >!< hfs)
vuln = TRUE;
}
else
audit(AUDIT_DEVICE_NOT_VULN, 'The remote device running ' + app_name + ' (version ' + version + ')');
if (vuln)
{
var report =
'\n Installed version : ' + version +
'\n Hotfix required : Hotfix sk185033' +
'\n';
security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);
}
else audit(AUDIT_DEVICE_NOT_VULN, 'The remote device running ' + app_name + ' (version ' + version + ')');
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Jun 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.19.3
EPSS0.06216
SSVC