The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-30121?language=en_US | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Oct 2022, 02:27
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
29 Sep 2022, 13:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ivanti
Ivanti endpoint Manager |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:ivanti:endpoint_manager:2021.1.1:su1:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2021.1.1:-:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager:2021.1.1:su2:*:*:*:*:*:* |
|
References | (MISC) https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-30121?language=en_US - Vendor Advisory |
23 Sep 2022, 14:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-23 14:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-30121
Mitre link : CVE-2022-30121
CVE.ORG link : CVE-2022-30121
JSON object : View
Products Affected
ivanti
- endpoint_manager
CWE