Security researchers at SafeBreach have discovered that the HP Touchpoint Analytics service is affected by a serious flaw tracked as CVE-2019-6333. The vulnerability received a CVSS score of 6.7 (medium severity).
The TouchPoint Analytics is a service that allows the vendor to anonymously collect diagnostic data about hardware performance, it comes pre-installed on most HP PCs.
The service is based on the open-source tool Open Hardware Monitor and it is executed as “NT AUTHORITY\SYSTEM.”
The experts noticed that when the service is started, it attempts to load three missing DLL files. An attacker with administrative privileges on the targeted system can create malicious DLLs with the names of the missing files and place them in the locations where they were expected to be to get executed when the HP service starts.
The experts pointed out that the Touchpoint Analytics service would have high-permission-level access to the PC hardware, this means that a flaw affecting the could be exploited to escalate privileges to SYSTEM and bypass security features.
“The Open Hardware Monitor library provides a signed kernel driver named “WinRing0,” which is extracted and installed during runtime.” reads the analysis published by the experts.
“As you can see, the service was trying to load three missing DLL files, which eventually were loaded from the c:\python27 directory – our PATH environment variable:
The researchers also published a PoC code to show how to use the Open Hardware Monitor library to read and write to physical memory.
The flaw could impact tens of millions of computers running the HP Touchpoint Analytics or Open Hardware Monitor.
“A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827.” reads the security advisory published by HP. “This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.”
The experts reported the flaw to HP in early July and it was addressed this month with the release of version 4.1.4.2827.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Touchpoint Analytics, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
This website uses cookies.