Check Point Gaia Operating System Privilege Escalation

Medium Nessus Plugin ID 107072

Synopsis

The remote host is missing a vendor-supplied security patch.

Description

The remote host is running a version of Gaia OS which is affected by an issue where low privileged users authenticated to the Gaia clish shell may execute arbitrary code as admin / root.

Solution

Update to an unaffected version or apply vendor-supplied hotfix.

See Also

https://www.tenable.com/security/research/tra-2018-04

http://www.nessus.org/u?d0bf2e20

Plugin Details

Severity: Medium

ID: 107072

File Name: check_point_gaia_privilege_escalation.nasl

Version: Revision: 1.1

Type: local

Family: Firewalls

Published: 2018/02/28

Modified: 2018/02/28

Dependencies: 104670

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSSv3

Base Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/o:check_point:gaia_os

Required KB Items: Host/Check_Point/version, Host/Check_Point/installed_hotfixes

Patch Publication Date: 2018/02/26

Vulnerability Publication Date: 2018/02/26