CVE-2022-25153
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ITarian | Endpoint Manager Communication Client for Windows | any version < 6.43.41148.21120 | affected |
Weaknesses
- CWE-275: CWE-275 Permission Issues
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.