Local privilege escalation by file manipulation on HP Image Assistant for versions prior to 5.3.3
Overview of HP System Event Utility
HP System Event Utility is a software component installed on HP client systems to support hardware-specific functionality, system hotkeys, notifications, and integration between the operating system and HP device-level features. It operates in the background and uses scheduled tasks and supporting executables to manage system events and user interactions.
Overview of OMEN Gaming Hub
OMEN Gaming Hub is HP’s performance-management and customization platform for OMEN devices. It provides system tuning, device configuration, performance controls, and telemetry-driven features aimed at optimizing the gaming experience. The application relies on auxiliary services and scheduled processes that run with elevated privileges to perform hardware-level operations.
Vulnerability Description
WithSecure Exposure Management identified a privilege escalation vulnerability affecting versions of HP System Event Utility prior to 3.2.12, and OMEN Gaming Hub prior to 1101.2511.101.0. A supporting executable within the System Event Utility installation is deployed into a directory that inherits highly permissive default access controls. As a result, the component file is created in an operating system recovery location where standard users have full write access.
This file is later executed automatically with elevated privileges as part of a recurring scheduled task used by the associated HP utilities. Because the execution mechanism relies on a privileged system component that does not enforce integrity validation against the launched file, an opportunity arises for a local, low-privileged user to manipulate the executable before it is run.
If successfully exploited, this condition could allow arbitrary code to be executed with elevated privileges, potentially leading to full system compromise. The vulnerability is a result of unsafe file-deployment paths combined with privileged scheduled execution, rather than any defect in the executable’s functionality itself.
Affected Software:
HP System Event Utility prior to v3.2.12
OMEN Gaming Hub prior to v1101.2511.101.0
Resolution:
Update to the latest version of HP System Event Utility and Omen Gaming Hub via Windows Update or using the Microsoft Store.
HP System Event Utility v3.2.12 or higher
OMEN Gaming Hub v1101.2511.101.0 or higher