CVE-2022-30121
MEDIUMIvanti Endpoint Manager < 2021.1.1 - Privilege Escalation via LANDesk Management Agent Service
Title source: llmDescription
The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-30121?language=en_US
Scores
CVSS v3
6.7
EPSS
0.0013
EPSS Percentile
32.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (2)
ivanti/endpoint_manager
2021.1.1 (3 CPE variants)
ivanti/endpoint_manager
< 2021.1.1
Published
Sep 23, 2022
Tracked Since
Feb 18, 2026