CVE-2019-12376

CVE Database · CVE-2019-12376

CVE-2019-12376

· N/AModified

CVSS v3.1

N/A

EPSS

0.61%

Published

Jun 3, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges.

Weaknesses (CWE)

CWE-798

Affected Products (1)

ivanti · landesk_management_suitevulnerable

References (2)

https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-hard-coded-encryption-key/

ExploitThird Party Advisory

https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-hard-coded-encryption-key/

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs