China National Vulnerability DatabaseCNVD-2022-88273Ivanti Endpoint Manager Elevation of Privilege Vulnerability
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
An elevation of privilege vulnerability exists in Ivanti Endpoint Manager (EPM), a set of endpoint security managers from Ivanti, Inc. The vulnerability stems from the fact that the โLANDeskยฎ Management Agentโ service exposes a socket that, once connected, can launch commands for only signed An attacker could exploit the vulnerability to cause an elevation of privilege by launching commands for signed executables only.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ivanti ivanti endpoint manager | lt | 2021.1.1 | |
| ivanti ivanti endpoint manager | eq | 2021.1.1 |
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H