Vulnerability in Checkpoint Harmony (CVE-2024-24912)

Checkpoint Harmony is an enterprise security software protecting customers from malware.

Local privilege escalation vulnerability in Checkpoint Harmony

The fixed vulnerability allowed an attacker to escalate their privileges to SYSTEM on a system that the attacker already had access to.

This was possible by using COM hijacking to execute code in the context of a trusted front-end process. The trust between the front end and the back end was then abused to write a file to an arbitrary path, allowing the attacker to gain SYSTEM privileges.
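A defender-side check for the COM hijacking step, added here as an example and not taken from the advisory or from the vendor: it lists per-user COM server registrations and flags those that shadow a machine-wide class. The advisory does not name the class or registry location involved, so the script assumes the common case of an `HKCU\Software\Classes\CLSID` entry taking precedence over the `HKLM` one for a non-elevated process.

```powershell
# Added example: audit per-user COM registrations for the current user.
# Assumption: the hijack uses an HKCU\Software\Classes\CLSID entry that a
# non-elevated process resolves before the machine-wide HKLM registration.
$userRoot    = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
$machineRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID'
$serverKeys  = 'InprocServer32', 'LocalServer32'

function Get-ComServerPath {
    param([string]$ClsidKeyPath, [string]$ServerKey)
    $path = "$ClsidKeyPath\$ServerKey"
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    # The unnamed (default) value of the key holds the DLL or EXE path.
    (Get-Item -LiteralPath $path).GetValue('')
}

$findings = foreach ($clsid in Get-ChildItem -LiteralPath $userRoot -ErrorAction SilentlyContinue) {
    foreach ($serverKey in $serverKeys) {
        $userPath = Get-ComServerPath -ClsidKeyPath $clsid.PSPath -ServerKey $serverKey
        if (-not $userPath) { continue }

        # Look up the same CLSID under HKLM to see whether the user entry overrides it.
        $machinePath = Get-ComServerPath -ClsidKeyPath "$machineRoot\$($clsid.PSChildName)" -ServerKey $serverKey

        [pscustomobject]@{
            Clsid       = $clsid.PSChildName
            ServerKey   = $serverKey
            UserPath    = $userPath
            MachinePath = $machinePath
            ShadowsHklm = [bool]$machinePath
        }
    }
}

# Entries that shadow an HKLM class are listed first; they deserve the closest review.
$findings | Sort-Object ShadowsHklm -Descending | Format-Table -AutoSize -Wrap
```

Some legitimate per-user installers also register COM classes under `HKCU`, so each row needs triage: check whether `UserPath` points to a user-writable location and whether the binary is signed by the expected publisher.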

We want to thank Checkpoint for their exemplary reaction to the vulnerability report.

CVSS Score
7.8 (CVSS v3) – https://nvd.nist.gov/vuln/detail/CVE-2024-24912

Affected Version
Checkpoint Harmony Version E88.10

Fixed Version
E88.20

References
https://support.checkpoint.com/results/sk/sk182244

Credits
Kolja Grassmann (cirosec GmbH) and Alain Rödel (Neodyme)

Timeline
