Remote Code Execution Vulnerability in Hitachi JP1/IT Desktop Management 2 Agent
CVE-2021-29644

8.1HIGH

Key Information:

Vendor: Hitachi
Status: It Operations Director; Job Management Partner 1\/it Desktop Management-manager; Job Management Partner 1\/it Desktop Management 2-manager; Job Management Partner 1\/remote Control Agent
Vendor: CVE Published:; 12 October 2021

Summary

Hitachi JP1/IT Desktop Management 2 Agent versions 9 through 12 are susceptible to a remote code execution vulnerability caused by an integer overflow. This vulnerability can be exploited by an attacker with network access to port 31016, allowing them to execute arbitrary code with unrestricted privileges on the underlying operating system. This poses significant risks to the integrity and security of the affected systems.

References

https://www.hitachi.com/hirt/security/index.html

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2021
Vulnerability Reserved
Mar 30, 2021