ID

VAR-202201-1710


CVE

CVE-2021-30360


TITLE

Endpoint Security Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017798

DESCRIPTION

Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges. Endpoint Security contains a vulnerability related to uncontrolled search path elements. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-30360 // JVNDB: JVNDB-2021-017798 // VULHUB: VHN-390038

AFFECTED PRODUCTS

vendor: checkpoint, model: endpoint security, scope: lt, version: e86.20

Trust: 1.0

vendor: Check Point Software Technologies, model: endpoint security, scope: -, version: -

Trust: 0.8

vendor: Check Point Software Technologies, model: endpoint security, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017798 // NVD: CVE-2021-30360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30360
value: HIGH

Trust: 1.0

NVD: CVE-2021-30360
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202201-561
value: HIGH

Trust: 0.6

VULHUB: VHN-390038
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-30360
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390038
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30360
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-30360
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390038 // JVNDB: JVNDB-2021-017798 // CNNVD: CNNVD-202201-561 // NVD: CVE-2021-30360

PROBLEMTYPE DATA

problemtype: CWE-427

Trust: 1.1

problemtype: Uncontrolled search path elements (CWE-427) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-390038 // JVNDB: JVNDB-2021-017798 // NVD: CVE-2021-30360

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-561

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202201-561

PATCH

title: sk176853, url: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176853

Trust: 0.8

title: Enterprise Endpoint Security Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178038

Trust: 0.6

sources: JVNDB: JVNDB-2021-017798 // CNNVD: CNNVD-202201-561

EXTERNAL IDS

db: NVD, id: CVE-2021-30360

Trust: 3.3

db: JVNDB, id: JVNDB-2021-017798

Trust: 0.8

db: CNNVD, id: CNNVD-202201-561

Trust: 0.6

db: VULHUB, id: VHN-390038

Trust: 0.1

sources: VULHUB: VHN-390038 // JVNDB: JVNDB-2021-017798 // CNNVD: CNNVD-202201-561 // NVD: CVE-2021-30360

REFERENCES

url: https://github.com/mandiant/vulnerability-disclosures/blob/master/2022/mndt-2022-0001/mndt-2022-0001.md

Trust: 1.7

url: https://supportcontent.checkpoint.com/solutions?id=sk176853

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-30360

Trust: 1.4

sources: VULHUB: VHN-390038 // JVNDB: JVNDB-2021-017798 // CNNVD: CNNVD-202201-561 // NVD: CVE-2021-30360

SOURCES

db: VULHUB, id: VHN-390038
db: JVNDB, id: JVNDB-2021-017798
db: CNNVD, id: CNNVD-202201-561
db: NVD, id: CVE-2021-30360

LAST UPDATE DATE

2024-08-14T15:21:59.264000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-390038, date: 2022-01-14T00:00:00
db: JVNDB, id: JVNDB-2021-017798, date: 2023-02-08T07:58:00
db: CNNVD, id: CNNVD-202201-561, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2021-30360, date: 2022-01-14T16:43:21.767

SOURCES RELEASE DATE

db: VULHUB, id: VHN-390038, date: 2022-01-10T00:00:00
db: JVNDB, id: JVNDB-2021-017798, date: 2023-02-08T00:00:00
db: CNNVD, id: CNNVD-202201-561, date: 2022-01-10T00:00:00
db: NVD, id: CVE-2021-30360, date: 2022-01-10T14:10:17.190