Local Privilege Escalation Vulnerability in Hitachi JP1/IT Desktop Management 2 Agent 9-12

Local Privilege Escalation Vulnerability in Hitachi JP1/IT Desktop Management 2 Agent 9-12

CVE-2021-29645 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.

Learn more about our Cis Benchmark Audit For Desktop Software.