CVE-2023-28130
HIGHCheck Point Gaia Portal - Privilege Escalation via Hostnames Page
Title source: llmDescription
Local user may lead to privilege escalation using Gaia Portal hostnames page.
References (5)
Core 5
Core References
Third Party Advisory
http://packetstormsecurity.com/files/173918/Checkpoint-Gaia-Portal-R81.10-Remote-Command-Execution.html
Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2023/Aug/4
Not Applicable
http://seclists.org/fulldisclosure/2023/Jul/43
Exploit, Third Party Advisory
https://pentests.nl/pentest-blog/cve-2023-28130-command-injection-in-check-point-gaia-portal/
Vendor Advisory
https://support.checkpoint.com/results/sk/sk181311
Scores
CVSS v3
7.2
EPSS
0.2138
EPSS Percentile
97.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
CWE-77
Status
published
Products (4)
checkpoint/gaia_portal
r80.40
checkpoint/gaia_portal
r81
checkpoint/gaia_portal
r81.10
checkpoint/gaia_portal
r81.20
Published
Jul 26, 2023
Tracked Since
Feb 18, 2026