CVE-2021-30360
Published: 10 January 2022
Summary
CVE-2021-30360 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Check Point Endpoint Security. Its CVSS base score is 7.8 (High).
Operationally, it ranks at the 31.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-17291
Vulnerability details
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.