Description
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.
Related CPE's
a
hitachi
it_operations_director
a
hitachi
job_management_partner_1\/it_desktop_management-manager
a
hitachi
job_management_partner_1\/remote_control_agent
a
hitachi
job_management_partner_1\/software_distribution_client
a
hitachi
job_management_partner_1\/software_distribution_manager
a
hitachi
jp1\/it_desktop_management-manager
a
hitachi
jp1\/it_desktop_management_2-manager
a
hitachi
jp1\/it_desktop_management_2-operations_director
a
hitachi
jp1\/netm\/dm_client
a
hitachi
jp1\/netm\/dm_client-remote_control_feature
a
hitachi
jp1\/netm\/dm_manager
a
hitachi
jp1\/netm\/remote_control_feature
a
hitachi
jp1\/remote_control_feature
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-10-12T19:15:07.677
3 years agoLast modified
2022-07-12T17:42:04.277
2 years ago