CVE-2021-29645

Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AC:H/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
hitachiit_operations_director
02-50 ≤
𝑥
≤ 02-50-07
hitachiit_operations_director
03-00 ≤
𝑥
≤ 03-00-12
hitachiit_operations_director
04-00 ≤
𝑥
≤ 04-00-17
hitachiit_operations_director
04-50 ≤
𝑥
≤ 04-50-16
hitachijob_management_partner_1\/it_desktop_management-manager
09-50 ≤
𝑥
≤ 09-50-03
hitachijob_management_partner_1\/it_desktop_management-manager
10-01 ≤
𝑥
≤ 10-01-06
hitachijob_management_partner_1\/it_desktop_management-manager
10-10 ≤
𝑥
≤ 10-10-16
hitachijob_management_partner_1\/it_desktop_management_2-manager
10-50 ≤
𝑥
≤ 10-50-11
hitachijob_management_partner_1\/remote_control_agent
08-00 ≤
𝑥
≤ 08-00-04
hitachijob_management_partner_1\/remote_control_agent
08-10 ≤
𝑥
≤ 08-10-05
hitachijob_management_partner_1\/remote_control_agent
08-51 ≤
𝑥
≤ 08-51-18
hitachijob_management_partner_1\/remote_control_agent
09-00 ≤
𝑥
≤ 09-00-07
hitachijob_management_partner_1\/remote_control_agent
09-50 ≤
𝑥
≤ 09-50-09
hitachijob_management_partner_1\/remote_control_agent
09-51 ≤
𝑥
≤ 09-51-15
hitachijob_management_partner_1\/software_distribution_client
08-00 ≤
𝑥
≤ 08-00-05
hitachijob_management_partner_1\/software_distribution_client
08-10 ≤
𝑥
≤ 08-10-06
hitachijob_management_partner_1\/software_distribution_client
08-51 ≤
𝑥
≤ 08-51-19
hitachijob_management_partner_1\/software_distribution_client
09-00 ≤
𝑥
≤ 09-00-09
hitachijob_management_partner_1\/software_distribution_client
09-50 ≤
𝑥
≤ 09-50-09
hitachijob_management_partner_1\/software_distribution_client
09-51 ≤
𝑥
≤ 09-51-13
hitachijob_management_partner_1\/software_distribution_manager
08-00 ≤
𝑥
≤ 08-00-07
hitachijob_management_partner_1\/software_distribution_manager
08-10 ≤
𝑥
≤ 08-10-06
hitachijob_management_partner_1\/software_distribution_manager
08-51 ≤
𝑥
≤ 08-51-19
hitachijob_management_partner_1\/software_distribution_manager
09-00 ≤
𝑥
≤ 09-00-09
hitachijob_management_partner_1\/software_distribution_manager
09-50 ≤
𝑥
≤ 09-50-09
hitachijob_management_partner_1\/software_distribution_manager
09-51 ≤
𝑥
≤ 09-51-13
hitachijp1\/it_desktop_management-manager
09-50 ≤
𝑥
≤ 09-50-03
hitachijp1\/it_desktop_management-manager
09-51 ≤
𝑥
≤ 09-51-05
hitachijp1\/it_desktop_management-manager
10-00 ≤
𝑥
≤ 10-00-02
hitachijp1\/it_desktop_management-manager
10-01 ≤
𝑥
≤ 10-01-05
hitachijp1\/it_desktop_management-manager
10-02 ≤
𝑥
≤ 10-02-05
hitachijp1\/it_desktop_management-manager
10-10 ≤
𝑥
≤ 10-10-16
hitachijp1\/it_desktop_management_2-manager
10-50 ≤
𝑥
≤ 10-50-12
hitachijp1\/it_desktop_management_2-manager
11-00 ≤
𝑥
≤ 11-00-11
hitachijp1\/it_desktop_management_2-manager
11-01 ≤
𝑥
≤ 11-01-12
hitachijp1\/it_desktop_management_2-manager
11-10 ≤
𝑥
≤ 11-10-10
hitachijp1\/it_desktop_management_2-manager
11-50 ≤
𝑥
≤ 11-50-08
hitachijp1\/it_desktop_management_2-manager
11-51 ≤
𝑥
≤ 11-51-10
hitachijp1\/it_desktop_management_2-manager
12-00 ≤
𝑥
≤ 12-00-09
hitachijp1\/it_desktop_management_2-manager
12-10 ≤
𝑥
≤ 12-10-07
hitachijp1\/it_desktop_management_2-manager
12-50 ≤
𝑥
≤ 12-50-03
hitachijp1\/it_desktop_management_2-operations_director
11-01 ≤
𝑥
≤ 11-01-12
hitachijp1\/it_desktop_management_2-operations_director
11-10 ≤
𝑥
≤ 11-10-10
hitachijp1\/it_desktop_management_2-operations_director
11-50 ≤
𝑥
≤ 11-50-08
hitachijp1\/it_desktop_management_2-operations_director
11-51 ≤
𝑥
≤ 11-51-10
hitachijp1\/it_desktop_management_2-operations_director
12-00 ≤
𝑥
≤ 12-00-09
hitachijp1\/it_desktop_management_2-operations_director
12-10 ≤
𝑥
≤ 12-10-07
hitachijp1\/it_desktop_management_2-operations_director
12-50 ≤
𝑥
≤ 12-50-03
hitachijp1\/netm\/dm_client
08-00 ≤
𝑥
≤ 08-00-09
hitachijp1\/netm\/dm_client
08-01 ≤
𝑥
≤ 08-01-04
hitachijp1\/netm\/dm_client
08-02 ≤
𝑥
≤ 08-02-07
hitachijp1\/netm\/dm_client
08-10 ≤
𝑥
≤ 08-10-13
hitachijp1\/netm\/dm_client
08-11 ≤
𝑥
≤ 08-11-17
hitachijp1\/netm\/dm_client
08-12 ≤
𝑥
≤ 08-12-03
hitachijp1\/netm\/dm_client
08-50 ≤
𝑥
≤ 08-50-08
hitachijp1\/netm\/dm_client
08-51 ≤
𝑥
≤ 08-51-17
hitachijp1\/netm\/dm_client
08-52 ≤
𝑥
≤ 08-52-22
hitachijp1\/netm\/dm_client
09-00 ≤
𝑥
≤ 09-00-14
hitachijp1\/netm\/dm_client
09-01 ≤
𝑥
≤ 09-01-14
hitachijp1\/netm\/dm_client
09-10 ≤
𝑥
≤ 09-10-15
hitachijp1\/netm\/dm_client
09-12 ≤
𝑥
≤ 09-12-16
hitachijp1\/netm\/dm_client
09-50 ≤
𝑥
≤ 09-50-20
hitachijp1\/netm\/dm_client
09-51 ≤
𝑥
≤ 09-51-14
hitachijp1\/netm\/dm_client
10-10 ≤
𝑥
≤ 10-10-23
hitachijp1\/netm\/dm_client-remote_control_feature
08-00 ≤
𝑥
≤ 08-00-06
hitachijp1\/netm\/dm_client-remote_control_feature
08-01 ≤
𝑥
≤ 08-01-03
hitachijp1\/netm\/dm_client-remote_control_feature
08-02 ≤
𝑥
≤ 08-02-04
hitachijp1\/netm\/dm_client-remote_control_feature
08-10 ≤
𝑥
≤ 08-10-10
hitachijp1\/netm\/dm_client-remote_control_feature
08-11 ≤
𝑥
≤ 08-11-06
hitachijp1\/netm\/dm_client-remote_control_feature
08-50 ≤
𝑥
≤ 08-50-04
hitachijp1\/netm\/dm_client-remote_control_feature
08-51 ≤
𝑥
≤ 08-51-14
hitachijp1\/netm\/dm_client-remote_control_feature
09-00 ≤
𝑥
≤ 09-00-13
hitachijp1\/netm\/dm_client-remote_control_feature
09-01 ≤
𝑥
≤ 09-01-12
hitachijp1\/netm\/dm_client-remote_control_feature
09-10 ≤
𝑥
≤ 09-10-13
hitachijp1\/netm\/dm_client-remote_control_feature
09-50 ≤
𝑥
≤ 09-50-19
hitachijp1\/netm\/dm_client-remote_control_feature
09-51 ≤
𝑥
≤ 09-51-08
hitachijp1\/netm\/dm_client-remote_control_feature
10-10 ≤
𝑥
≤ 10-10-20
hitachijp1\/netm\/dm_manager
08-00 ≤
𝑥
≤ 08-00-09
hitachijp1\/netm\/dm_manager
08-02 ≤
𝑥
≤ 08-02-07
hitachijp1\/netm\/dm_manager
08-10 ≤
𝑥
≤ 08-10-13
hitachijp1\/netm\/dm_manager
08-11 ≤
𝑥
≤ 08-11-17
hitachijp1\/netm\/dm_manager
08-50 ≤
𝑥
≤ 08-50-08
hitachijp1\/netm\/dm_manager
08-51 ≤
𝑥
≤ 08-51-18
hitachijp1\/netm\/dm_manager
08-52 ≤
𝑥
≤ 08-52-22
hitachijp1\/netm\/dm_manager
09-00 ≤
𝑥
≤ 09-00-14
hitachijp1\/netm\/dm_manager
09-01 ≤
𝑥
≤ 09-01-14
hitachijp1\/netm\/dm_manager
09-10 ≤
𝑥
≤ 09-10-15
hitachijp1\/netm\/dm_manager
09-12 ≤
𝑥
≤ 09-12-15
hitachijp1\/netm\/dm_manager
09-50 ≤
𝑥
≤ 09-50-20
hitachijp1\/netm\/dm_manager
09-51 ≤
𝑥
≤ 09-51-14
hitachijp1\/netm\/dm_manager
10-10 ≤
𝑥
≤ 10-10-24
hitachijp1\/netm\/remote_control_feature
08-00 ≤
𝑥
≤ 08-00-06
hitachijp1\/netm\/remote_control_feature
08-01 ≤
𝑥
≤ 08-01-03
hitachijp1\/netm\/remote_control_feature
08-02 ≤
𝑥
≤ 08-02-04
hitachijp1\/netm\/remote_control_feature
08-10 ≤
𝑥
≤ 08-10-10
hitachijp1\/netm\/remote_control_feature
08-11 ≤
𝑥
≤ 08-11-06
hitachijp1\/netm\/remote_control_feature
08-50 ≤
𝑥
≤ 08-50-04
hitachijp1\/netm\/remote_control_feature
08-51 ≤
𝑥
≤ 08-51-14
hitachijp1\/netm\/remote_control_feature
09-00 ≤
𝑥
≤ 09-00-13
hitachijp1\/netm\/remote_control_feature
09-01 ≤
𝑥
≤ 09-01-12
hitachijp1\/netm\/remote_control_feature
09-50 ≤
𝑥
≤ 09-50-20
hitachijp1\/netm\/remote_control_feature
09-51 ≤
𝑥
≤ 09-51-08
hitachijp1\/netm\/remote_control_feature
10-10 ≤
𝑥
≤ 10-10-20
hitachijp1\/remote_control_feature
11-00 ≤
𝑥
≤ 11-00-02
hitachijp1\/remote_control_feature
12-00 ≤
𝑥
≤ 12-00-011
𝑥
= Vulnerable software versions
References
https://www.hitachi.com/hirt/security/index.html
https://www.hitachi.com/hirt/security/index.html