CVE-2021-29645

Name of the Vulnerable Software and Affected Versions Hitachi JP1/IT Desktop Management 2 Agent versions 9 through 12

Description The issue allows an attacker to execute arbitrary code on the local system due to a local privilege escalation vulnerability. This is caused by Hitachi JP1/IT Desktop Management 2 Agent calling the SendMessageTimeoutW API with arbitrary arguments via a local pipe.

Recommendations For Hitachi JP1/IT Desktop Management 2 Agent versions 9 through 12, consider restricting access to the local pipe used by the SendMessageTimeoutW API until a patch is available. As a temporary workaround, disabling the use of arbitrary arguments in the SendMessageTimeoutW API call may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.