CVE-2019-17066

In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.

Published: May 19, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-17066
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
ivanti / workspace_control	-	10.4.40.0

https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-acquire-admin-privileges-by-hijacking-certain-user-registry-entries

Vulnerability Database

291,049

CVE-2019-17066