cbcvebase.
CVE-2021-29645
published 2021-10-12

CVE-2021-29645: Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local…

PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.21%
11.6th percentile
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.

Affected

105 ranges· showing 25
VendorProductVersion rangeFixed in
hitachiit_operations_director02-50 – 02-50-07
hitachiit_operations_director03-00 – 03-00-12
hitachiit_operations_director04-00 – 04-00-17
hitachiit_operations_director04-50 – 04-50-16
hitachijob_management_partner_1_it_desktop_management-manager09-50 – 09-50-03
hitachijob_management_partner_1_it_desktop_management-manager10-01 – 10-01-06
hitachijob_management_partner_1_it_desktop_management-manager10-10 – 10-10-16
hitachijob_management_partner_1_it_desktop_management_2-manager10-50 – 10-50-11
hitachijob_management_partner_1_remote_control_agent08-00 – 08-00-04
hitachijob_management_partner_1_remote_control_agent08-10 – 08-10-05
hitachijob_management_partner_1_remote_control_agent08-51 – 08-51-18
hitachijob_management_partner_1_remote_control_agent09-00 – 09-00-07
hitachijob_management_partner_1_remote_control_agent09-50 – 09-50-09
hitachijob_management_partner_1_remote_control_agent09-51 – 09-51-15
hitachijob_management_partner_1_software_distribution_client08-00 – 08-00-05
hitachijob_management_partner_1_software_distribution_client08-10 – 08-10-06
hitachijob_management_partner_1_software_distribution_client08-51 – 08-51-19
hitachijob_management_partner_1_software_distribution_client09-00 – 09-00-09
hitachijob_management_partner_1_software_distribution_client09-50 – 09-50-09
hitachijob_management_partner_1_software_distribution_client09-51 – 09-51-13
hitachijob_management_partner_1_software_distribution_manager08-00 – 08-00-07
hitachijob_management_partner_1_software_distribution_manager08-10 – 08-10-06
hitachijob_management_partner_1_software_distribution_manager08-51 – 08-51-19
hitachijob_management_partner_1_software_distribution_manager09-00 – 09-00-09
hitachijob_management_partner_1_software_distribution_manager09-50 – 09-50-09

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.