CVE-2022-25153

ITarian - Local privilege escalation in Endpoint Manager agent on Windows

CVE

CVE-2022-25153

Title

ITarian - Local privilege escalation in Endpoint Manager agent on Windows

Case

DIVD-2021-00037

Credits

Wietse Boonstra of DIVD (finder)
Hidde Smit of DIVD (finder)

Affected products

Product	Affected	Unaffected	Unknown
ITarian Endpoint Manager Communication Client for Windows	>= any version to < 6.43.41148.21120 (custom)
ITarian Endpoint Manager Communication Client for Windows

CVSS

Base score: 7.8 (HIGH)

References

https://csirt.divd.nl/DIVD-2021-00037 ( third-party-advisory )
https://csirt.divd.nl/CVE-2022-25153 ( third-party-advisory )

Problem type(s)

CWE-275 Permission Issues

Date published

22 Feb 2022 23:00 UTC

Last modified

02 Jan 2024 18:32 UTC

Description

The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup.

JSON version.

DIVD CSIRT

CVE-2022-25153

ITarian - Local privilege escalation in Endpoint Manager agent on Windows

Description