Uncontrolled Search Path Element
CVE-2021-30360
Summary
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-427 - Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
References
Advisory Timeline
- Published