Ivanti Workspace Control Named Pipe Privilege Escalation

Credit: Yorick Koster
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264

------------------------------------------------------------------------ Ivanti Workspace Control local privilege escalation via Named Pipe ------------------------------------------------------------------------ Yorick Koster, August 2018 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. ------------------------------------------------------------------------ Tested versions ------------------------------------------------------------------------ This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 & 10.2.950.0. ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ This issue was resolved in Ivanti Workspace Control version ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com


Back to Top