CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-25153

The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.3%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

https://csirt.divd.nl/CVE-2022-25153
https://csirt.divd.nl/DIVD-2021-00037
https://csirt.divd.nl/CVE-2022-25153
https://csirt.divd.nl/DIVD-2021-00037

Products affected by CVE-2022-25153

Itarian » Endpoint Manager Communication Client » Version: N/A

cpe:2.3:a:itarian:endpoint_manager_communication_client:-
Itarian » Endpoint Manager Communication Client » Version: 6.43.41148.21120

cpe:2.3:a:itarian:endpoint_manager_communication_client:6.43.41148.21120

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25153

Products

Pricing

Contact Us