CVE-2021-29645 — HIGH (7.0)

Q: How severe is CVE-2021-29645?

CVE-2021-29645 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-29645?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachi It Operations Director, Hitachi Job Management Partner 1\/It Desktop Management-Manager, Hitachi Job Management Partner 1\/It Desktop Management 2-Manager, Hitachi Job Management Partner 1\/Remote Control Agent, Hitachi Job Management Partner 1\/Software Distribution Client.

Vulnerability Description

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hitachi	It Operations Director	>= 02-50, <= 02-50-07
Hitachi	Job Management Partner 1\/It Desktop Management-Manager	>= 09-50, <= 09-50-03
Hitachi	Job Management Partner 1\/It Desktop Management 2-Manager	>= 10-50, <= 10-50-11
Hitachi	Job Management Partner 1\/Remote Control Agent	>= 08-00, <= 08-00-04
Hitachi	Job Management Partner 1\/Software Distribution Client	>= 08-00, <= 08-00-05
Hitachi	Job Management Partner 1\/Software Distribution Manager	>= 08-00, <= 08-00-07
Hitachi	Jp1\/It Desktop Management-Manager	>= 09-50, <= 09-50-03
Hitachi	Jp1\/It Desktop Management 2-Manager	>= 10-50, <= 10-50-12
Hitachi	Jp1\/It Desktop Management 2-Operations Director	>= 11-01, <= 11-01-12
Hitachi	Jp1\/Netm\/Dm Client	>= 08-00, <= 08-00-09
Hitachi	Jp1\/Netm\/Dm Client-Remote Control Feature	>= 08-00, <= 08-00-06
Hitachi	Jp1\/Netm\/Dm Manager	>= 08-00, <= 08-00-09
Hitachi	Jp1\/Netm\/Remote Control Feature	>= 08-00, <= 08-00-06
Hitachi	Jp1\/Remote Control Feature	>= 11-00, <= 11-00-02
Microsoft	Windows	-

References

https://www.hitachi.com/hirt/security/index.htmlVendor Advisory
https://www.hitachi.com/hirt/security/index.htmlVendor Advisory

FAQ

What is CVE-2021-29645?

CVE-2021-29645 is a vulnerability with a CVSS score of 7.0 (HIGH). Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker w...

How severe is CVE-2021-29645?

CVE-2021-29645 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-29645?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachi It Operations Director, Hitachi Job Management Partner 1\/It Desktop Management-Manager, Hitachi Job Management Partner 1\/It Desktop Management 2-Manager, Hitachi Job Management Partner 1\/Remote Control Agent, Hitachi Job Management Partner 1\/Software Distribution Client.