CVE-2020-13770 : What You Need to Know
Learn about CVE-2020-13770, a privilege escalation vulnerability in Ivanti Endpoint Manager allowing attackers to gain higher access levels. Find out how to mitigate this security risk.
A vulnerability in Ivanti Endpoint Manager allows privilege escalation through named pipes.
Understanding CVE-2020-13770
What is CVE-2020-13770?
Several services in Ivanti Endpoint Manager up to version 2020.1.1 have default or overly permissive security attributes, enabling privilege escalation from local accounts.
The Impact of CVE-2020-13770
The vulnerability can be exploited to escalate privileges from a standard or service account to gain higher access levels.
Technical Details of CVE-2020-13770
Vulnerability Description
Services accessing named pipes in Ivanti Endpoint Manager can be leveraged to escalate privileges to 'NT AUTHORITY\SYSTEM' from accounts with SeImpersonatePrivilege.
Affected Systems and Versions
- Product: Ivanti Endpoint Manager
- Versions affected: Up to 2020.1.1
Exploitation Mechanism
The issue arises due to services running as 'NT AUTHORITY\SYSTEM' with insecure security attributes, allowing privilege escalation.
Mitigation and Prevention
Immediate Steps to Take
- Apply vendor-supplied patches promptly.
- Restrict access to named pipes to authorized users only.
- Monitor for unauthorized access attempts.
Long-Term Security Practices
- Implement the principle of least privilege for user accounts.
- Regularly review and update security configurations.
Patching and Updates
Ensure Ivanti Endpoint Manager is updated to the latest version to mitigate the vulnerability.