CVE-2020-13770

Published: Nov 12, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (eg. user ‘NT AUTHORITY\NETWORK SERVICE’).

Affected (1)

Products: Ivanti: Endpoint Manager

1 product

Endpoint Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ivanti Endpoint Manager	Up to 2020.1.1

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://labs.jumpsec.com/advisory-cve-2020-13770-ivanti-uem-named-pipe-token-impersonation/

Source: cve@mitre.org

Third Party Advisory

https://labs.jumpsec.com/advisory-cve-2020-13770-ivanti-uem-named-pipe-token-impersonation/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.