CVE-2022-23742 - Local Privileges Escalation in Check Point Endpoint Security Client's EFRService

Support Center > Alerts > SecureKnowledge Details

Technical Level

Solution ID	sk179132
Technical Level
Severity	Low
Product	Endpoint Security Client
Version	R80.40, R81, R81.10, R81.20
OS	Windows
Date Created	11-May-2022
Last Modified	20-Dec-2022

Symptoms

The EFRService, which collects forensics data for various blades for the Check Point Endpoint Security Client for Windows, copies files for forensics reports from a directory with insufficient privileges. A local attacker can replace those files with malicious or linked content, which will run in higher privileges, as the Endpoint Client requires.

Solution

This issue was discovered and responsibly disclosed by Alain Rödel of cirosec GmbH and received ID CVE-2022-23742.

This problem was fixed. The fix is included starting from:

Enterprise Endpoint Security E86.40 Windows Clients.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating