SafeBreach Labs discovered a new vulnerability in Check Point Endpoint Security Initial Client software for Windows. In this post, we will demonstrate how this vulnerability could be used in order to achieve privilege escalation and persistence by loading an arbitrary unsigned DLL into a service that runs as NT AUTHORITY\SYSTEM.

Check Point Endpoint Security

Check Point Endpoint Security includes data security, network security, advanced threat prevention, forensics, and remote access VPN solutions. Some parts of the software run as a Windows service executed as “NT AUTHORITY\SYSTEM,” which provides it with very powerful permissions. In this post, we describe the vulnerability we found in the Check Point Endpoint Security Initial Client software for Windows. We then demonstrate how this vulnerability can be exploited to achieve privilege escalation, gaining access with NT AUTHORITY\SYSTEM level privileges.

In our initial exploration of the software, we targeted the following Check Point services:

- “Check Point Endpoint Agent” (CPDA.exe).
- “Check Point Device Auxiliary Framework” (IDAFServerHostService.exe).

It runs as NT AUTHORITY\SYSTEM – the most privileged user account.