CVE-2019-17066

HIGH

Ivanti WorkSpace Control < 10.4.40.0 - Authenticated Privilege Escalation via Registry Hijacking

Title source: llm

Description

In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://forums.ivanti.com/s/article/A-locally-authenticated-user-with-low-privileges-can-acquire-admin-privileges-by-hijacking-certain-user-registry-entries

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 19.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (1)

ivanti/workspace_control < 10.4.40.0

Published May 18, 2020

Tracked Since Feb 18, 2026