ResearchVulnerability in Checkpoint Harmony

Vulnerability in Checkpoint Harmony

Checkpoint Harmony is an enterprise security software protecting customers from malware.

CVE-2024-24912 - Local privilege escalation vulnerability in Checkpoint Harmony
The fixed vulnerability allowed an attacker to escalate his privileges to SYSTEM on a system that the attacker already had access to.

This was possible by using COM-Hijacking to execute code in the context of a trusted front-end process. The trust between the front end and the back end was then abused to write a file to an arbitrary path, allowing an attacker to gain SYSTEM privileges.

We want to thank Checkpoint for their exemplary reaction to the vulnerability report.


7.8 (CVSS v3) -

Affected Version
Checkpoint Harmony Version E88.10

Fixed Version: 


Credits: Kolja Grassmann (cirosec GmbH) and Alain Rödel (Neodyme)

January 4, 2024: Manufacturer was contacted and informed about the vulnerability
January 4, 2024: Initial response from manufacturer
February 26, 2024: Manufacturer informed us that a version with a patch was available for testing
March 1, 2024: We confirm to the manufacturer, that the exploit was no longer possible
May 1, 2024: Manufacturer released advisory