Sign-up

ID

VAR-202110-0946


CVE

CVE-2021-30358


TITLE

Mobile Access Portal Agent  In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-013878

DESCRIPTION

Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent. Mobile Access Portal Agent for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-30358 // JVNDB: JVNDB-2021-013878 // VULHUB: VHN-390036 // VULMON: CVE-2021-30358

AFFECTED PRODUCTS

vendor:checkpointmodel:mobile access portal agentscope:eqversion:r81

Trust: 1.0

vendor:checkpointmodel:mobile access portal agentscope:eqversion:r80.40

Trust: 1.0

vendor:checkpointmodel:mobile access portal agentscope:eqversion:r81.10

Trust: 1.0

vendor:checkpointmodel:mobile access portal agentscope:eqversion:r80.20

Trust: 1.0

vendor:checkpointmodel:mobile access portal agentscope:eqversion:r80.30

Trust: 1.0

vendor:チェック ポイント ソフトウェア テクノロジーズmodel:mobile access portal agentscope: - version: -

Trust: 0.8

vendor:チェック ポイント ソフトウェア テクノロジーズmodel:mobile access portal agentscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013878 // NVD: CVE-2021-30358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30358
value: HIGH

Trust: 1.0

NVD: CVE-2021-30358
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202110-1436
value: HIGH

Trust: 0.6

VULHUB: VHN-390036
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-30358
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30358
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-390036
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30358
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-30358
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390036 // VULMON: CVE-2021-30358 // JVNDB: JVNDB-2021-013878 // CNNVD: CNNVD-202110-1436 // NVD: CVE-2021-30358

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-390036 // JVNDB: JVNDB-2021-013878 // NVD: CVE-2021-30358

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1436

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202110-1436

PATCH

title:sk142952 Check Point Support Centerurl:https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk142952

Trust: 0.8

title:Check Point Mobile Access Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167105

Trust: 0.6

sources: JVNDB: JVNDB-2021-013878 // CNNVD: CNNVD-202110-1436

EXTERNAL IDS

db:NVDid:CVE-2021-30358

Trust: 3.4

db:JVNDBid:JVNDB-2021-013878

Trust: 0.8

db:CNNVDid:CNNVD-202110-1436

Trust: 0.6

db:VULHUBid:VHN-390036

Trust: 0.1

db:VULMONid:CVE-2021-30358

Trust: 0.1

sources: VULHUB: VHN-390036 // VULMON: CVE-2021-30358 // JVNDB: JVNDB-2021-013878 // CNNVD: CNNVD-202110-1436 // NVD: CVE-2021-30358

REFERENCES

url:https://supportcontent.checkpoint.com/solutions?id=sk142952

Trust: 1.8

url:https://supportcontent.checkpoint.com/solutions?id=sk175806

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-30358

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-390036 // VULMON: CVE-2021-30358 // JVNDB: JVNDB-2021-013878 // CNNVD: CNNVD-202110-1436 // NVD: CVE-2021-30358

SOURCES

db:VULHUBid:VHN-390036
db:VULMONid:CVE-2021-30358
db:JVNDBid:JVNDB-2021-013878
db:CNNVDid:CNNVD-202110-1436
db:NVDid:CVE-2021-30358

LAST UPDATE DATE

2024-08-14T14:11:13.061000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390036date:2021-10-22T00:00:00
db:VULMONid:CVE-2021-30358date:2021-10-22T00:00:00
db:JVNDBid:JVNDB-2021-013878date:2022-09-29T05:13:00
db:CNNVDid:CNNVD-202110-1436date:2021-10-28T00:00:00
db:NVDid:CVE-2021-30358date:2021-10-22T18:04:35.433

SOURCES RELEASE DATE

db:VULHUBid:VHN-390036date:2021-10-19T00:00:00
db:VULMONid:CVE-2021-30358date:2021-10-19T00:00:00
db:JVNDBid:JVNDB-2021-013878date:2022-09-29T00:00:00
db:CNNVDid:CNNVD-202110-1436date:2021-10-19T00:00:00
db:NVDid:CVE-2021-30358date:2021-10-19T14:15:08.243