CVE-2021-29645
published 2021-10-12CVE-2021-29645: Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local…
PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.21%
11.6th percentile
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.
Affected
105 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hitachi | it_operations_director | 02-50 – 02-50-07 | — |
| hitachi | it_operations_director | 03-00 – 03-00-12 | — |
| hitachi | it_operations_director | 04-00 – 04-00-17 | — |
| hitachi | it_operations_director | 04-50 – 04-50-16 | — |
| hitachi | job_management_partner_1_it_desktop_management-manager | 09-50 – 09-50-03 | — |
| hitachi | job_management_partner_1_it_desktop_management-manager | 10-01 – 10-01-06 | — |
| hitachi | job_management_partner_1_it_desktop_management-manager | 10-10 – 10-10-16 | — |
| hitachi | job_management_partner_1_it_desktop_management_2-manager | 10-50 – 10-50-11 | — |
| hitachi | job_management_partner_1_remote_control_agent | 08-00 – 08-00-04 | — |
| hitachi | job_management_partner_1_remote_control_agent | 08-10 – 08-10-05 | — |
| hitachi | job_management_partner_1_remote_control_agent | 08-51 – 08-51-18 | — |
| hitachi | job_management_partner_1_remote_control_agent | 09-00 – 09-00-07 | — |
| hitachi | job_management_partner_1_remote_control_agent | 09-50 – 09-50-09 | — |
| hitachi | job_management_partner_1_remote_control_agent | 09-51 – 09-51-15 | — |
| hitachi | job_management_partner_1_software_distribution_client | 08-00 – 08-00-05 | — |
| hitachi | job_management_partner_1_software_distribution_client | 08-10 – 08-10-06 | — |
| hitachi | job_management_partner_1_software_distribution_client | 08-51 – 08-51-19 | — |
| hitachi | job_management_partner_1_software_distribution_client | 09-00 – 09-00-09 | — |
| hitachi | job_management_partner_1_software_distribution_client | 09-50 – 09-50-09 | — |
| hitachi | job_management_partner_1_software_distribution_client | 09-51 – 09-51-13 | — |
| hitachi | job_management_partner_1_software_distribution_manager | 08-00 – 08-00-07 | — |
| hitachi | job_management_partner_1_software_distribution_manager | 08-10 – 08-10-06 | — |
| hitachi | job_management_partner_1_software_distribution_manager | 08-51 – 08-51-19 | — |
| hitachi | job_management_partner_1_software_distribution_manager | 09-00 – 09-00-09 | — |
| hitachi | job_management_partner_1_software_distribution_manager | 09-50 – 09-50-09 | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-12
Published