CVE-2021-30360
First published: Fri Jan 07 2022(Updated: )
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
Credit: cve@checkpoint.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Checkpoint Endpoint Security | <e86.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-30360?
The severity of CVE-2021-30360 is high with a severity value of 7.8.
How does CVE-2021-30360 affect Checkpoint Endpoint Security?
CVE-2021-30360 affects Checkpoint Endpoint Security versions up to and excluding e86.20 on Windows.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-30360?
The CWE ID for CVE-2021-30360 is 427.
How can an attacker exploit CVE-2021-30360?
An attacker can exploit CVE-2021-30360 by initiating the installation repair and placing a specially crafted EXE in the repair folder.
Are there any references available for CVE-2021-30360?
Yes, you can refer to the following links for more information: [link1](https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0001/MNDT-2022-0001.md), [link2](https://supportcontent.checkpoint.com/solutions?id=sk176853)
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- vendor/checkpoint
- canonical/checkpoint endpoint security