Published: 08/06/2021 Updated: 17/06/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.

Vulnerable Product	Search on Vulmon	Subscribe to Product
checkpoint ssl network extender r80.10
checkpoint ssl network extender r80.20
checkpoint ssl network extender r80.30
checkpoint ssl network extender r80.40
checkpoint ssl network extender r81

Proof-of-Concept for privileged file read through CheckPoint SNX VPN Linux Client

CVE-2021-30357_CheckPoint_SNX_VPN_PoC Proof-of-Concept for privileged file read through CheckPoint SNX VPN Linux Client Affected Version CheckPointVPN_SNX_Linux_800007075sh MD5 Checksum: 4372e9936e2dfb1d1ebcef3ed4dd7787 Exploit To exploit just load any file as SNX config using the -f paremeter If the file is not a valid SNX config, it will throw an error and display syntax

CWE-209 https://supportcontent.checkpoint.com/solutions?id=sk173513 https://nvd.nist.gov https://github.com/joaovarelas/CVE-2021-30357_CheckPoint_SNX_VPN_PoC

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-30357

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect