Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-29645

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/10/2021
Last modified:
12/07/2022

Description

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.80
Severity 3.x
HIGH
Vector 2.0
AV:L/AC:L/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 4.60 MEDIUM
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0
4.60
Severity 2.0
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:hitachi:it_operations_director:*:*:*:*:*:*:*:* 02-50 (including) 02-50-07 (including)
cpe:2.3:a:hitachi:it_operations_director:*:*:*:*:*:*:*:* 03-00 (including) 03-00-12 (including)
cpe:2.3:a:hitachi:it_operations_director:*:*:*:*:*:*:*:* 04-00 (including) 04-00-17 (including)
cpe:2.3:a:hitachi:it_operations_director:*:*:*:*:*:*:*:* 04-50 (including) 04-50-16 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager:*:*:*:*:*:*:*:* 09-50 (including) 09-50-03 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager:*:*:*:*:*:*:*:* 10-01 (including) 10-01-06 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager:*:*:*:*:*:*:*:* 10-10 (including) 10-10-16 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management_2-manager:*:*:*:*:*:*:*:* 10-50 (including) 10-50-11 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/remote_control_agent:*:*:*:*:*:*:*:* 08-00 (including) 08-00-04 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/remote_control_agent:*:*:*:*:*:*:*:* 08-10 (including) 08-10-05 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/remote_control_agent:*:*:*:*:*:*:*:* 08-51 (including) 08-51-18 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/remote_control_agent:*:*:*:*:*:*:*:* 09-00 (including) 09-00-07 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/remote_control_agent:*:*:*:*:*:*:*:* 09-50 (including) 09-50-09 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/remote_control_agent:*:*:*:*:*:*:*:* 09-51 (including) 09-51-15 (including)
cpe:2.3:a:hitachi:job_management_partner_1\/software_distribution_client:*:*:*:*:*:*:*:* 08-00 (including) 08-00-05 (including)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools