CVE-2022-27773

CRITICAL

Ivanti Endpoint Manager < 2021.1 - Privilege Escalation via Incorrect Default Permissions

Title source: llm

Description

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.

References (1)

Core 1

Core References

Vendor Advisory

https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-27773?language=en_US

Scores

CVSS v3 9.8

EPSS 0.0688

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-276

Status published

Products (3)

ivanti/endpoint_manager 2021.1 su1 (2 CPE variants)

ivanti/endpoint_manager 2022 su1

ivanti/endpoint_manager < 2021.1

Published Dec 05, 2022

Tracked Since Feb 18, 2026