Vulnerabilities > CVE-2022-25153 - Unspecified vulnerability in Itarian Endpoint Manager Communication Client 6.43.41148.21120

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

itarian

NVD

Published: 2022-06-09

Updated: 2024-01-02

Summary

The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup.

Vulnerable Configurations

Part	Description	Count
Application	Itarian Itarian Endpoint Manager Communication Client - Itarian Endpoint Manager Communication Client 6.43.41148.21120	2

References

https://csirt.divd.nl/CVE-2022-25153
https://csirt.divd.nl/DIVD-2021-00037