CVE-2024-0197
📋 TL;DR
A privilege escalation vulnerability in Thales SafeNet Sentinel HASP LDK installer on Windows allows local attackers to gain elevated system privileges. This affects organizations using versions prior to 9.16 of this software licensing and protection solution. Attackers need local access to exploit this flaw.
💻 Affected Systems
- Thales SafeNet Sentinel HASP LDK
📦 What is this software?
Sentinel HASP LDK by Thales Group
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains SYSTEM/administrator privileges, enabling complete system compromise, installation of malware, credential theft, and lateral movement across the network.
Likely Case
Local user or malware with initial foothold escalates privileges to install persistent backdoors, disable security controls, or access sensitive data.
If Mitigated
With proper access controls and monitoring, impact is limited to isolated systems, with quick detection and containment.
🎯 Exploit Status
Local privilege escalation typically has low complexity. Exploitation requires the attacker to have some level of local access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.16 or later
Vendor Advisory: https://supportportal.thalesgroup.com
Restart Required: Yes
Instructions:
1. Download SafeNet Sentinel HASP LDK version 9.16 or later from Thales support portal.
2. Run installer with administrative privileges.
3. Follow installation wizard.
4. Restart system when prompted.
🔧 Temporary Workarounds
Restrict local access
Windows: Limit local user accounts and implement strict access controls to reduce attack surface.
User Account Control enforcement
Windows: Ensure UAC is enabled and configured to prompt for credentials for all administrative tasks.
🧯 If You Can't Patch
- Implement strict least privilege principles - ensure users only have necessary permissions
- Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check installed version of SafeNet Sentinel HASP LDK via Programs and Features or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Thales\Sentinel LDK
Check Version:
reg query "HKLM\SOFTWARE\Thales\Sentinel LDK" /v Version
Verify Fix Applied:
Verify version is 9.16 or higher in Programs and Features or registry.
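The version check above can be scripted for use across many hosts. The following PowerShell is an added example, not vendor code or part of the original advisory: it reads the registry key and Version value named on this page and compares the result with 9.16 as a version number. The function name Test-SentinelLdkPatched is hypothetical, and the script assumes the Version value is a dotted numeric string.

```powershell
# Added example, not vendor code. The registry key and the "Version" value name
# are the ones given on this page; Test-SentinelLdkPatched is a hypothetical name.
function Test-SentinelLdkPatched {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Thales\Sentinel LDK',
        [version]$FixedVersion = '9.16'
    )

    # Small helper so every outcome has the same shape for fleet-wide collection.
    function New-Result($Status, $Installed, $Detail) {
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Status    = $Status
            Installed = $Installed
            Detail    = $Detail
        }
    }

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return New-Result 'KeyNotFound' $null "Registry key not found: $KeyPath"
    }

    $prop = Get-ItemProperty -LiteralPath $KeyPath -Name 'Version' -ErrorAction SilentlyContinue
    $raw  = if ($prop) { [string]$prop.Version } else { '' }

    # Assumption: the value is a dotted numeric string such as "9.15" or "9.16.0".
    # Anything else is reported as Unknown rather than guessed at.
    if ($raw -notmatch '^\s*(\d+(?:\.\d+){0,3})') {
        return New-Result 'Unknown' $raw 'Version value missing or not numeric'
    }

    $text = $Matches[1]
    if ($text -notmatch '\.') { $text += '.0' }   # [version] needs at least major.minor
    $installed = [version]$text

    # Compare as versions, not strings: as text, "9.9" sorts after "9.16".
    if ($installed -ge $FixedVersion) {
        New-Result 'Patched' $installed "At or above $FixedVersion"
    } else {
        New-Result 'Vulnerable' $installed "Below $FixedVersion; upgrade required"
    }
}

Test-SentinelLdkPatched
```

A KeyNotFound or Unknown result means the registry check was inconclusive; confirm the version through Programs and Features on that host.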
📡 Detection & Monitoring
Log Indicators:
- Unexpected installer processes running with elevated privileges
- Security log events showing privilege escalation
Network Indicators:
- None - local exploitation only
SIEM Query:
Process creation where (process_name contains 'install' OR process_name contains 'setup') AND parent_process contains 'user' AND integrity_level='system'