Unrated severityNVD Advisory· Published Nov 12, 2020· Updated Aug 4, 2024
CVE-2020-13770
CVE-2020-13770
Description
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (eg. user ‘NT AUTHORITY\NETWORK SERVICE’).
Affected products
2- Ivanti/Endpoint Managerdescription
- Range: <=2020.1.1
Patches
Vulnerability mechanics
References
1- labs.jumpsec.com/advisory-cve-2020-13770-ivanti-uem-named-pipe-token-impersonation/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.