#VU89894 Path traversal in Gaia
Vulnerability identifier: #VU89894
Vulnerability risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-22
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Gaia
Operating systems & Components /
Operating system
Vendor: Check Point Software Technologies
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The
vulnerability exists due to a insufficient validation of file path in Security Gateways
with IPSec VPN, Remote Access VPN and the Mobile Access software blade. A
remote non-authenticated attacker can send a specially crafted HTTP request and view arbitrary files on the system.
Note, the vulnerability is being actively exploited in the wild.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Gaia: R81.10 - R81.10 Take 338, R81.20 - R81.20 Take 54, R81 - R81 Take 92, R80.40 - R80.40 Take 211, R80.30 - R80.30 Take 255, R80.10 - R80.10 Take 272, R80.20 - R80.20 Take 334, R80, R77 - R77.30
External links
http://support.checkpoint.com/results/sk/sk182336
http://blog.checkpoint.com/security/enhance-your-vpn-security-posture
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
