Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ITarian - Local privilege escalation in Endpoint Manager agent on Windows
Vulnerability Description
The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Permission Issues
Vulnerability Title
ITarian 安全漏洞
Vulnerability Description
ITarian是美国ITarian公司的一种远程访问和 IT 管理解决方案。可帮助组织与其客户和员工建立联系和沟通,促进跨团队的远程文件访问、系统监控、故障排除和运营管理。 ITarian Endpoint Manager Communication Client 6.43.41148.21120之前的版本存在安全漏洞,该漏洞源于编译安装OpenSSL过程中使用不安全的设置,攻击者利用该漏洞可以将其权限提升。
CVSS Information
N/A
Vulnerability Type
N/A