CVE-2022-30121

The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.

Published: Sep 23, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-30121
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ivanti / endpoint_manager	2021.1.1-su1	2021.1.1-su1.x
ivanti / endpoint_manager	2021.1.1-su2	2021.1.1-su2.x
ivanti / endpoint_manager	2021.1.1	2021.1.1.x
ivanti / endpoint_manager	-	2021.1.1

https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-30121?language=en_US

Vulnerability Database

CVE-2022-30121