CVE-2022-27773

Published: Dec 5, 2022Modified: Apr 24, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.

Affected (4)

Products: Ivanti: Endpoint Manager

Ivanti

1 product

Endpoint Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ivanti Endpoint Manager	Before 2021.1
Ivanti Endpoint Manager	Version 2021.1 su1
Ivanti Endpoint Manager	Version 2021.1 su2
Ivanti Endpoint Manager	Version 2022 su1

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-27773?language=en_US

Source: support@hackerone.com

Vendor Advisory

https://forums.ivanti.com/s/article/Security-Advisory-for-Ivanti-Endpoint-Manager-Client-CVE-2022-27773?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.