Web application security specialists report the discovery of a critical vulnerability in a Check Point software solution that, if exploited, would allow a threat actor to perform a privilege escalation to execute arbitrary code with administrator privileges. The company has already been notified and is working to eliminate this security risk.
The SafeBreach Labs team of experts in charge
of this discovery mentions that the vulnerability was detected in the Endpoint
Security Initial Client software, developed for the Windows operating system.
The flaw appears to affect Endpoint Agent (CPDA.exe) and Device Auxiliary
Framework (IDAFServerHostService.exe).
Once IDAFServerHostService.exe starts, the
signed process runs as NT AUTHORITY-SYSTEM. After it runs, the service attempts
to load the atl110.dll library, a missing DLL from different directories within
the PATH environment variable. Due to the absence of the respective DLL, an
attacker can write the missing DLL and execute arbitrary codes. In the release
of the proof-of-concept, web application security experts mentioned: “We
were able to load an arbitrary DLL as a normal user and execute our code within
a Check Point-signed process such as NT AUTHORITY-SYSTEM”.
As if it were not enough, after exploitation,
the vulnerability could allow a threat actor to load and execute malicious code
by bypassing the list of authorized entities and processes (whitelist), as well
as ensuring a persistent mechanism of execution to get privileges on the targeted
system.
According to web application security experts
from the International Institute of Cyber Security (IICS), researchers reported
the vulnerability to Check Point in early August; finally, the flaw was
corrected a couple of days ago through the release of an update. Check Point
issued a security alert asking its users to deploy the updates. Customers are
encouraged to verify that if the system has the latest update, Check Point
Endpoint Security E81.30.
In addition to this report, SafeBreach Labs
experts published a report on privilege
escalation vulnerability in the Bitdefender Antivirus Free 2020
security tool. The developers of this antivirus are expected to release an update
as soon as possible.
