CVE-2021-29645
HIGHHitachi JP1/IT Desktop Management 2 Agent 9-12 - Local Privilege Escalation via SendMessageTimeoutW API
Title source: llmDescription
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.hitachi.com/hirt/security/index.html
Scores
CVSS v3
7.0
EPSS
0.0004
EPSS Percentile
13.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (14)
hitachi/it_operations_director
02-50 - 02-50-07
hitachi/job_management_partner_1\/it_desktop_management-manager
09-50 - 09-50-03
hitachi/job_management_partner_1\/it_desktop_management_2-manager
10-50 - 10-50-11
hitachi/job_management_partner_1\/remote_control_agent
08-00 - 08-00-04
hitachi/job_management_partner_1\/software_distribution_client
08-00 - 08-00-05
hitachi/job_management_partner_1\/software_distribution_manager
08-00 - 08-00-07
hitachi/jp1\/it_desktop_management-manager
09-50 - 09-50-03
hitachi/jp1\/it_desktop_management_2-manager
10-50 - 10-50-12
hitachi/jp1\/it_desktop_management_2-operations_director
11-01 - 11-01-12
hitachi/jp1\/netm\/dm_client
08-00 - 08-00-09
... and 4 more
Published
Oct 12, 2021
Tracked Since
Feb 18, 2026