CVE-2022-25153 Information

Description

The ITarian Endpoint Manager Communication Client prior to version 6.43.41148.21120 is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low-privileged access to a system can escalate their privileges to SYSTEM by abusing an insecure openssl.conf lookup.

Reference

https://csirt.divd.nl/CVE-2022-25153
https://csirt.divd.nl/cases/DIVD-2021-00037
