Vigil@nce - Check Point Gaia Embedded: privilege escalation via SMB Truncated Password

November 2019 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

Impacted products: GAiA, CheckPoint Security Appliance.

Severity: 2/4.

Consequences: administrator access/rights, privileged access/rights.

Provenance: intranet client.

Confidence: confirmed by the editor (5/5).

Creation date: 02/09/2019.

DESCRIPTION OF THE VULNERABILITY

An attacker can bypass restrictions via SMB Truncated Password in Check Point Gaia Embedded, in order to escalate their privileges.

