Skip to the content.

CVE-2022-25153 - ITarian - Local privilege escalation in Endpoint Manager agent on Windows

CVE CVE-2022-25153
Case DIVD-2021-00037
Credits
Products ITarian:
  • Endpoint Manager Communication Client for Windows
Versions ITarian:
  • Endpoint Manager Communication Client for Windows
    • any version (< 6.43.41148.21120)
Page author Victor Pasman
CVSS Base score: 7.8
References
Last modified 20 Jun 2022 07:35

Description

The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup.


JSON version