Local Privilege Escalation Vulnerability in Checkpoint Harmony
The fixed vulnerability allowed an attacker to escalate his privileges to SYSTEM on a system that the attacker already had access to.
This was possible by using COM-Hijacking to execute code in the context of a trusted front-end process. The trust between the front end and the back end was then abused to write a file to an arbitrary path, allowing an attacker to gain SYSTEM privileges.
We want to thank Checkpoint for their exemplary reaction to the vulnerability report.
CVSS Score
7.8 (CVSS v3) – https://nvd.nist.gov/vuln/detail/CVE-2024-24912
Affected Version
Checkpoint Harmony Version E88.10
Fixed Version
E88.20
References
https://support.checkpoint.com/results/sk/sk182244
Credits
Kolja Grassmann (cirosec GmbH) and Alain Rödel (Neodyme)
Timeline
2024-01-04
Vendor was contacted and informed about the vulnerability
2024-01-04
Initial response from vendor
2024-02-26
Vendor informed us that a version with a patch was available for testing
2024-03-01
We confirmed to the vendor, that the exploit was no longer possible
2024-05-01
Vendor released advisory