Vulnerability in Ivanti DSM Remote

An unquoted service path allows possible privilege escalation to system level.


Vulnerability type

Privilege Escalation

Pentester

Florian Hansemann

Publication

08.03.2022

Software version

DSM Remote Version <= 6.3.1.1862

Timeline

– 29.10.2021 Manufacturer informed

– 30.10.2021 Manufacturer states that the software has not been supported since 2014 and recommends no longer using it.

– 14.04.2022 CVE release