{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-24912","assignerOrgId":"897c38be-0345-43cd-b6cf-fe179e0c4f45","state":"PUBLISHED","assignerShortName":"checkpoint","dateReserved":"2024-02-01T15:19:26.278Z","datePublished":"2024-05-01T13:22:48.486Z","dateUpdated":"2024-08-01T23:36:20.217Z"},"containers":{"cna":{"affected":[{"product":"Harmony Endpoint Security Client for Windows","vendor":"checkpoint","platforms":["Windows"],"versions":[{"status":"affected","version":"Harmony Endpoint Security Client for Windows versions E88.10 and below"}]}],"title":"Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file","descriptions":[{"lang":"en","value":"A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-732","description":"CWE-732: Incorrect Permission Assignment for Critical Resource","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"897c38be-0345-43cd-b6cf-fe179e0c4f45","shortName":"checkpoint","dateUpdated":"2024-05-01T13:22:48.486Z"},"credits":[{"lang":"en","value":"Kolja Grassmann (Cirosec GmbH)","type":"finder"},{"lang":"en","value":"Alain Rödel (Neodyme)","type":"finder"}],"references":[{"url":"https://support.checkpoint.com/results/sk/sk182244"}]},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.7,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"HIGH","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2024-24912","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-01T17:15:29.343054Z"}}}],"affected":[{"cpes":["cpe:2.3:a:checkpoint:harmony_endpoint:e83:*:*:*:*:*:*:*"],"vendor":"checkpoint","product":"harmony_endpoint","versions":[{"status":"affected","version":"e88.10"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:43:34.409Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T23:36:20.217Z"},"title":"CVE Program Container","references":[{"url":"https://support.checkpoint.com/results/sk/sk182244","tags":["x_transferred"]}]}]}}