Support Center > Search Results > SecureKnowledge Details
Harmony Browse installer or SandBlast Agent for Browsers installer can be used for privileges escalation (CVE-2021-30359) Technical Level
Symptoms
  • When executing Harmony Browse or SandBlast Agent for Browsers installer locally with user-level privileges it was possible to get admin privileges on the endpoint.
  • This issue exists only on clients prior to version 90.08.7405
  • This issue is documented as CVE-2021-30359
Cause

The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer let regular users to repair their installation, an attacker running the old version of the installer can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.

Therefore, it was possible to abuse the installer and execute other scripts with admin privileges, even without admin permissions on the endpoint.


Solution

A new version of the Harmony Browse and SandBlast Agent for Browser installers was published, which does not allow execution without admin privileges. The new version of the installer is therefore not exposed to this vulnerability.
Administrators should download the new installer from the Check Point Infinity Portal (https://portal.checkpoint.com/).

You must make sure your installer version is 90.08.7405 and above. In order to determine the current installer version, click on Computer Management on the left and review the Agent Version column. 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment