CVE-2024-24912Incorrect Permission Assignment in Checkpoint Harmony Endpoint

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
6.7MEDIUMNVD
EPSS
0.1%
top 81.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Checkpoint Harmony EndpointCheckpoint Harmony Endpoint Security Client FOR Windows
Timeline
PublishedMay 1

Description

A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5checkpoint/harmony_endpoint_security_client_for_windowsHarmony Endpoint Security Client for Windows versions E88.10 and below
NVDcheckpoint/harmony_endpointe86.10e88.20

🔴Vulnerability Details

2
CVEList
Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file2024-05-01
GHSA
GHSA-wmx5-qgrp-3rvx: A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E882024-05-01
CVE-2024-24912 — Incorrect Permission Assignment | cvebase