The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HCheckpoint Gaia Os
OSCheckpointwszystkie wersjeCheckpoint Gaia Portal
APPCheckpoint< 2022-04-13Checkpoint Quantum Security Gateway
HWCheckpointwszystkie wersjeCheckpoint Quantum Security Management
HWCheckpointwszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
Related vulnerabilities
CVE-2026-50751CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Auth Bypass w Check Point VPN — pominięcie uwierzytelnienia przez błąd IKEv1
CVE-2024-24919HIGH8.6⚠ KEVten sam produkt
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected t...
CVE-2024-24914HIGH8.0ten sam produkt
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Secu...
CVE-2023-28130HIGH7.2ten sam produkt
Local user may lead to privilege escalation using Gaia Portal hostnames page.
CVE-2024-52885MEDIUM5.0ten sam produkt
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an a...