ResearchVulnerability in Checkpoint Harmony

Vulnerability in Checkpoint Harmony

Checkpoint Harmony is an enterprise security software protecting customers from malware.

CVE-2024-24912 - Local privilege escalation vulnerability in Checkpoint Harmony
The fixed vulnerability allowed an attacker to escalate his privileges to SYSTEM on a system that the attacker already had access to.

This was possible by using COM-Hijacking to execute code in the context of a trusted front-end process. The trust between the front end and the back end was then abused to write a file to an arbitrary path, allowing an attacker to gain SYSTEM privileges.

We want to thank Checkpoint for their exemplary reaction to the vulnerability report.

CVSS-Score

7.8 (CVSS v3) - nvd.nist.gov/vuln/detail/CVE-2024-24912

Affected Version
Checkpoint Harmony Version E88.10

Fixed Version: 
E88.20

References: 

support.checkpoint.com/results/sk/sk182244

Credits: Kolja Grassmann (cirosec GmbH) and Alain Rödel (Neodyme)

Timeline
January 4, 2024: Manufacturer was contacted and informed about the vulnerability
January 4, 2024: Initial response from manufacturer
February 26, 2024: Manufacturer informed us that a version with a patch was available for testing
March 1, 2024: We confirm to the manufacturer, that the exploit was no longer possible
May 1, 2024: Manufacturer released advisory