Security researchers at SafeBreach have discovered that the HP Touchpoint Analytics service is affected by a serious flaw tracked as CVE-2019-6333. The vulnerability received a CVSS score of 6.7 (medium severity).
The TouchPoint Analytics is a service that allows the vendor to anonymously collect diagnostic data about hardware performance, it comes pre-installed on most HP PCs.
The service is based on the open-source tool Open Hardware Monitor and it is executed as “NT AUTHORITY\SYSTEM.”
The experts noticed that when the service is started, it attempts to load three missing DLL files. An attacker with administrative privileges on the targeted system can create malicious DLLs with the names of the missing files and place them in the locations where they were expected to be to get executed when the HP service starts.
The experts pointed out that the Touchpoint Analytics service would have high-permission-level access to the PC hardware, this means that a flaw affecting the could be exploited to escalate privileges to
“As you can see, the service was trying to load three missing DLL files, which eventually were loaded from the c:\python27 directory – our PATH environment variable:
The researchers also published a PoC code to show how to use the Open Hardware Monitor library to read and write to physical memory.
The flaw could impact tens of millions of computers running the HP Touchpoint Analytics or Open Hardware Monitor.
“A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 220.127.116.1127.” reads the security advisory published by HP. “This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.”
The experts reported the flaw to HP in early July and it was addressed this month with the release of version 18.104.22.16827.