CVE-2023-28133

7.8 HIGH

📋 TL;DR

CVE-2023-28133 allows local attackers to escalate privileges on Windows systems running Check Point Endpoint Security Client E87.30 by crafting a malicious OpenSSL configuration file. This vulnerability affects users with local access to vulnerable endpoints, enabling them to gain SYSTEM-level privileges.

💻 Affected Systems

Products:
  • Check Point Endpoint Security Client
Versions: E87.30
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations. Requires local access to create/modify OpenSSL configuration files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attacker gains full SYSTEM privileges, enabling complete system compromise, persistence installation, credential theft, and lateral movement capabilities.

🟠 Likely Case: Malicious insider or malware with initial user access escalates to SYSTEM to disable security controls, install backdoors, or access protected resources.

🟢 If Mitigated: With proper privilege separation and file permission controls, impact is limited to user-level compromise without privilege escalation.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Significant risk from insider threats, compromised user accounts, or malware that gains initial foothold.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and the ability to write to the OpenSSL configuration location. No public exploit code was available at the time of writing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: E87.40 and later

Vendor Advisory: https://support.checkpoint.com/results/sk/sk181276

Restart Required: Yes

Instructions:

1. Download E87.40 or later from the Check Point support portal.
2. Run the installer with administrative privileges.
3. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict OpenSSL configuration file permissions (Windows)

Set strict permissions on the OpenSSL configuration file to prevent unauthorized modification:

icacls "C:\Program Files\CheckPoint\Endpoint Security\openssl.cnf" /inheritance:r /grant:r "SYSTEM:(F)" "Administrators:(F)" /deny "Users:(W)"

This protects only the file at that path. Because the vulnerability can also be triggered by creating a configuration file (see Notes above), confirm that the client does not read OpenSSL configuration from any other location a standard user can write to.

🧯 If You Can't Patch

  • Implement strict file integrity monitoring on OpenSSL configuration files
  • Enforce principle of least privilege and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check installed version via Control Panel > Programs > Check Point Endpoint Security Client. If version is E87.30, system is vulnerable.

Check Version:

wmic product where "name like 'Check Point Endpoint Security%'" get version

Note: wmic is deprecated on current Windows releases and may be absent; any inventory method that reports the installed product version serves the same purpose.

Verify Fix Applied:

Confirm the installed version is E87.40 or later, then confirm that the escalation path described above no longer works (for example, that a standard user can no longer modify the OpenSSL configuration file).

📡 Detection & Monitoring

Log Indicators:

  • Unexpected modifications to OpenSSL configuration files
  • Process creation with SYSTEM privileges from user accounts
  • Failed privilege escalation attempts

Network Indicators:

  • None - local exploitation only

SIEM Query:

EventID=4688 AND NewProcessName LIKE '%openssl%' AND SubjectUserName NOT IN ('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')
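As an added example (not from this advisory or from Check Point), the log indicators and the SIEM query above written as detection rules and run over constructed Windows Security event records. It goes slightly beyond the query: it also checks 4663 object-access records for writes to the OpenSSL configuration file, which assumes file-write auditing is enabled on that path, and it uses the 4688 Target Subject fields (Windows 10 / Server 2016 and later) to spot a SYSTEM process created by a user account; the sample events and account names are constructed.

```python
# Detection rules for the indicators listed above, over constructed sample events
# (not real telemetry). Field names follow the Windows Security log:
# 4688 = process creation, 4663 = object access (needs file-write auditing).
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}
WRITE_BITS = (0x2, 0x4, 0x10000, 0x40000)  # WriteData, AppendData, DELETE, WRITE_DAC
CONFIG_PATH = r"C:\Program Files\CheckPoint\Endpoint Security\openssl.cnf"

SAMPLE_EVENTS = [  # constructed records
    {"EventID": 4688, "SubjectUserName": "alice", "TargetUserName": "alice",
     "NewProcessName": r"C:\Program Files\CheckPoint\Endpoint Security\openssl.exe"},
    {"EventID": 4688, "SubjectUserName": "SYSTEM", "TargetUserName": "SYSTEM",
     "NewProcessName": r"C:\Program Files\CheckPoint\Endpoint Security\openssl.exe"},
    {"EventID": 4688, "SubjectUserName": "alice", "TargetUserName": "SYSTEM",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4663, "SubjectUserName": "alice", "AccessMask": "0x2",
     "ObjectName": CONFIG_PATH},
    {"EventID": 4663, "SubjectUserName": "alice", "AccessMask": "0x80",  # ReadAttributes
     "ObjectName": CONFIG_PATH},
]

def openssl_by_user_account(e):
    """The SIEM query above: 4688 for an openssl process started by a non-service account."""
    return (e["EventID"] == 4688
            and "openssl" in e["NewProcessName"].lower()
            and e["SubjectUserName"].upper() not in SERVICE_ACCOUNTS)

def system_process_from_user(e):
    """4688 whose creator is a user account but whose new process runs as SYSTEM
    (uses the Target Subject fields present on Windows 10 / Server 2016 and later)."""
    return (e["EventID"] == 4688
            and e["SubjectUserName"].upper() not in SERVICE_ACCOUNTS
            and e.get("TargetUserName", "").upper() == "SYSTEM")

def openssl_config_written(e):
    """4663 with a write, delete or ACL-change access mask on an OpenSSL config file."""
    if e["EventID"] != 4663 or not e["ObjectName"].lower().endswith("openssl.cnf"):
        return False
    mask = int(e["AccessMask"], 16)  # logged as a hex string, e.g. "0x2"
    return any(mask & bit for bit in WRITE_BITS)

RULES = {"openssl process from user account": openssl_by_user_account,
         "SYSTEM process created by user account": system_process_from_user,
         "OpenSSL config file modified": openssl_config_written}

def find_indicators(events):
    """Return (rule name, event index) for every record that matches a rule."""
    return [(name, i) for i, e in enumerate(events)
            for name, rule in RULES.items() if rule(e)]
```

Calling find_indicators(SAMPLE_EVENTS) flags events 0, 2 and 3; the openssl process started by SYSTEM and the read-only access to openssl.cnf are not flagged.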
