Local Privilege Escalation Vulnerability in Hitachi Desktop Management Software
CVE-2021-29645

7HIGH

Key Information:

Vendor: Hitachi
Status: It Operations Director; Job Management Partner 1\/it Desktop Management-manager; Job Management Partner 1\/it Desktop Management 2-manager; Job Management Partner 1\/remote Control Agent
Vendor: CVE Published:; 12 October 2021

Summary

The Hitachi JP1/IT Desktop Management 2 Agent versions 9 through 12 contains a local privilege escalation vulnerability caused by the improper handling of the SendMessageTimeoutW API with arbitrary arguments through a local pipe. This flaw can be exploited by attackers who have local access to the system, allowing them to execute arbitrary code, potentially compromising the integrity and confidentiality of the system.

References

https://www.hitachi.com/hirt/security/index.html

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2021
Vulnerability Reserved
Mar 30, 2021