CVE-2023-28130 – Checkpoint Gaia Portal R81.10 Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-28130
A local user may be able to escalate privileges using the Gaia Portal hostnames page. Check Point Gaia Portal version R81.10 suffers from a remote command execution vulnerability.
• http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html
• http://seclists.org/fulldisclosure/2023/Aug/4
• http://seclists.org/fulldisclosure/2023/Jul/43
• https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal
• https://support.checkpoint.com/results/sk/sk181311
• CWE-20: Improper Input Validation
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-30361
https://notcve.org/view.php?id=CVE-2021-30361
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.
• https://supportcontent.checkpoint.com/solutions?id=sk179128
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')