Details of VAR-202106-1142

ID

VAR-202106-1142

CVE

CVE-2021-30357

TITLE

Linux for SSL Network Extender Vulnerability related to information leakage due to error message in client

Trust: 0.8

sources: JVNDB: JVNDB-2021-007957

DESCRIPTION

SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access

Trust: 1.8

sources: NVD: CVE-2021-30357 // JVNDB: JVNDB-2021-007957 // VULHUB: VHN-390035 // VULMON: CVE-2021-30357

AFFECTED PRODUCTS

vendor:	checkpoint	model:	ssl network extender	scope:	eq	version:	r80.30	Trust: 1.0
vendor:	checkpoint	model:	ssl network extender	scope:	eq	version:	r80.10	Trust: 1.0
vendor:	checkpoint	model:	ssl network extender	scope:	eq	version:	r81	Trust: 1.0
vendor:	checkpoint	model:	ssl network extender	scope:	eq	version:	r80.40	Trust: 1.0
vendor:	checkpoint	model:	ssl network extender	scope:	eq	version:	r80.20	Trust: 1.0
vendor:	チェックポイントソフトウェアテクノロジーズ	model:	ssl network extender	scope:	eq	version:	-	Trust: 0.8
vendor:	チェックポイントソフトウェアテクノロジーズ	model:	ssl network extender	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007957 // NVD: CVE-2021-30357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30357
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-30357
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202106-587
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-390035
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-30357
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30357
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-390035
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30357
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30357
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390035 // VULMON: CVE-2021-30357 // JVNDB: JVNDB-2021-007957 // CNNVD: CNNVD-202106-587 // NVD: CVE-2021-30357

PROBLEMTYPE DATA

problemtype:	CWE-209	Trust: 1.1
problemtype:	Information leakage due to error message (CWE-209) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-390035 // JVNDB: JVNDB-2021-007957 // NVD: CVE-2021-30357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-587

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-587

PATCH

title:	sk173513	url:	https://supportcontent.checkpoint.com/solutions?id=sk173513	Trust: 0.8
title:	Arch Linux Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154835	Trust: 0.6
title:	-	url:	https://github.com/joaovarelas/CVE-2021-30357_CheckPoint_SNX_VPN_PoC	Trust: 0.1

sources: VULMON: CVE-2021-30357 // JVNDB: JVNDB-2021-007957 // CNNVD: CNNVD-202106-587

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30357	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-007957	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-587	Trust: 0.6
db:	VULHUB	id:	VHN-390035	Trust: 0.1
db:	VULMON	id:	CVE-2021-30357	Trust: 0.1

sources: VULHUB: VHN-390035 // VULMON: CVE-2021-30357 // JVNDB: JVNDB-2021-007957 // CNNVD: CNNVD-202106-587 // NVD: CVE-2021-30357

REFERENCES

url:	https://supportcontent.checkpoint.com/solutions?id=sk173513	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30357	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/209.html	Trust: 0.1
url:	https://github.com/joaovarelas/cve-2021-30357_checkpoint_snx_vpn_poc	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-390035 // VULMON: CVE-2021-30357 // JVNDB: JVNDB-2021-007957 // CNNVD: CNNVD-202106-587 // NVD: CVE-2021-30357

SOURCES

db:	VULHUB	id:	VHN-390035
db:	VULMON	id:	CVE-2021-30357
db:	JVNDB	id:	JVNDB-2021-007957
db:	CNNVD	id:	CNNVD-202106-587
db:	NVD	id:	CVE-2021-30357

LAST UPDATE DATE

2024-08-14T14:55:55.889000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390035	date:	2021-06-17T00:00:00
db:	VULMON	id:	CVE-2021-30357	date:	2021-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-007957	date:	2022-02-28T09:08:00
db:	CNNVD	id:	CNNVD-202106-587	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2021-30357	date:	2021-06-17T16:05:22.110

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390035	date:	2021-06-08T00:00:00
db:	VULMON	id:	CVE-2021-30357	date:	2021-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-007957	date:	2022-02-28T00:00:00
db:	CNNVD	id:	CNNVD-202106-587	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2021-30357	date:	2021-06-08T14:15:07.973