Unrated severityNVD Advisory· Published Nov 12, 2020· Updated Aug 4, 2024
CVE-2020-13771
CVE-2020-13771
Description
Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\SYSTEM) via DLL hijacking. This affects ldiscn32.exe, IpmiRedirectionService.exe, LDAPWhoAmI.exe, and ldprofile.exe.
Affected products
2- Ivanti/Endpoint Managerdescription
- Range: <=2020.1.1
Patches
Vulnerability mechanics
References
1- labs.jumpsec.com/advisory-cve-2020-13771-ivanti-uem-dll-hijacking/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.