Description


Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.

Related CPE's


a

hitachi

it_operations_director

4

a

hitachi

job_management_partner_1\/it_desktop_management-manager

3


a

hitachi

job_management_partner_1\/remote_control_agent

6

a

hitachi

job_management_partner_1\/software_distribution_client

6

a

hitachi

job_management_partner_1\/software_distribution_manager

6

a

hitachi

jp1\/it_desktop_management-manager

6

a

hitachi

jp1\/it_desktop_management_2-manager

9

a

hitachi

jp1\/it_desktop_management_2-operations_director

7

a

hitachi

jp1\/netm\/dm_client

16

a

hitachi

jp1\/netm\/dm_client-remote_control_feature

13

a

hitachi

jp1\/netm\/dm_manager

14

a

hitachi

jp1\/netm\/remote_control_feature

12

a

hitachi

jp1\/remote_control_feature

2

Weaknesses



NVD-CWE-noinfo

CVSS impact metrics


CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-12T19:15:07.677

3 years ago

Last modified

2022-07-12T17:42:04.277

2 years ago