The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.
References
Link | Resource |
---|---|
https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-30121?language=en_US | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2022-09-23T13:37:51
Updated: 2022-09-23T13:37:51
Reserved: 2022-05-02T00:00:00
Link: CVE-2022-30121
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-23T14:15:12.273
Modified: 2022-10-01T02:27:18.397
Link: CVE-2022-30121
JSON object: View
Redhat Information
No data.
CWE