Support Center > Search Results > SecureKnowledge Details
CVE-2022-23742 - Local Privileges Escalation in Check Point Endpoint Security Client's EFRService Technical Level
Symptoms
  • The EFRService, which collects forensics data for various blades for the Check Point Endpoint Security Client for Windows, copies files for forensics reports from a directory with insufficient privileges. A local attacker can replace those files with malicious or linked content, which will run in higher privileges, as the Endpoint Client requires.

Solution
This issue was discovered and responsibly disclosed by Alain Rödel of cirosec GmbH and received ID CVE-2022-23742.

This problem was fixed. The fix is included starting from:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment