CVE-2021-29645

7.0 HIGH

📋 TL;DR

This vulnerability allows local attackers to escalate privileges on systems running affected versions of Hitachi JP1/IT Desktop Management 2 Agent. By exploiting improper API calls through local pipes, attackers can execute arbitrary code with elevated privileges. Organizations using versions 9 through 12 of this software are affected.

💻 Affected Systems

Products:
  • Hitachi JP1/IT Desktop Management 2 Agent
Versions: 9 through 12
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the system. The vulnerability is in the agent component of the JP1/IT Desktop Management suite.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with administrative privileges, allowing installation of persistent malware, data theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation leading to unauthorized administrative access on individual workstations, potentially enabling credential harvesting and further attacks.

🟢 If Mitigated

Limited impact if proper network segmentation and least privilege principles are enforced, though local compromise of affected systems remains possible.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Attackers with initial access to a workstation can escalate privileges and potentially move laterally within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of the vulnerability. The attack vector is misuse of the SendMessageTimeoutW API through local pipes.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.hitachi.com/hirt/security/index.html

Restart Required: Yes

Instructions:

1. Check the Hitachi security advisory for specific patch details.
2. Download the appropriate patch for your version.
3. Apply the patch following vendor instructions.
4. Restart affected systems.

🔧 Temporary Workarounds

Restrict Local Pipe Access

windows

Configure Windows security policies to restrict access to local pipes used by the JP1 agent

Use Windows Group Policy or local security policy to restrict pipe access

Disable Unnecessary JP1 Services

windows

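Disable JP1/IT Desktop Management 2 Agent services if not required. Confirm the service name on the host before running the commands below: sc expects the service's key name, which can differ from its display name.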

sc stop "JP1/IT Desktop Management 2 Agent"
sc config "JP1/IT Desktop Management 2 Agent" start= disabled

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate systems running vulnerable software
  • Apply principle of least privilege to user accounts and restrict local administrative access

🔍 How to Verify

Check if Vulnerable:

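Check the installed version of Hitachi JP1/IT Desktop Management 2 Agent via Control Panel > Programs and Features, or with PowerShell:

Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like '*JP1/IT Desktop Management 2 Agent*'}

Querying Win32_Product makes Windows Installer run a consistency check on every installed MSI package, so the command is slow, and Get-WmiObject is available only in Windows PowerShell, not PowerShell 7.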

Check Version:

Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like '*JP1/IT Desktop Management 2 Agent*'} | Select-Object Name, Version

Verify Fix Applied:

Verify the agent version is updated beyond vulnerable versions (9-12) and check vendor advisory for specific patched version numbers

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from JP1 agent services
  • Suspicious API calls to SendMessageTimeoutW
  • Unexpected privilege escalation events

Network Indicators:

  • Unusual local pipe communication patterns
  • Lateral movement attempts from previously compromised systems

SIEM Query:

EventID=4688 AND (ProcessName LIKE '%jp1%' OR ParentProcessName LIKE '%jp1%') AND NewProcessName NOT IN (expected_process_list)
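
The SIEM query above, worked through in Python as an added example (not part of the original advisory or of Hitachi's tooling): it applies the same filter to constructed 4688 records and checks the new image against an allowlist by full path. The install directory, `jp1agent.exe` and `updater.exe` are hypothetical placeholders.

```python
import ntpath

# Hypothetical allowlist (full image paths); replace with the binaries your
# JP1 agent really starts. None of these paths come from Hitachi.
EXPECTED = {
    r"C:\Program Files\Example\JP1Agent\jp1agent.exe",
    r"C:\Program Files\Example\JP1Agent\updater.exe",
}

# Constructed 4688 (process creation) records, reduced to the fields used here.
SAMPLE_EVENTS = [
    {"EventID": 4688, "ParentProcessName": r"C:\Windows\System32\services.exe",
     "NewProcessName": r"c:\program files\example\jp1agent\JP1AGENT.EXE"},
    {"EventID": 4688, "ParentProcessName": r"C:\Program Files\Example\JP1Agent\jp1agent.exe",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4688, "ParentProcessName": r"C:\Program Files\Example\JP1Agent\jp1agent.exe",
     "NewProcessName": r"C:\Users\Public\updater.exe"},
    {"EventID": 4688, "ParentProcessName": r"C:\Windows\explorer.exe",
     "NewProcessName": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 4624, "ParentProcessName": r"C:\Program Files\Example\JP1Agent\jp1agent.exe"},
]


def norm(path):
    """Fold case and separators so Windows paths compare reliably."""
    return ntpath.normcase(ntpath.normpath(path)) if path else ""


def unexpected_jp1_spawns(events, expected=EXPECTED):
    """Return process-creation events that involve a JP1 image and start
    a binary whose full path is not on the allowlist."""
    allowed = {norm(p) for p in expected}
    hits = []
    for ev in events:
        if ev.get("EventID") != 4688:
            continue
        new = norm(ev.get("NewProcessName"))
        parent = norm(ev.get("ParentProcessName"))
        if "jp1" not in new and "jp1" not in parent:
            continue  # same filter as the LIKE '%jp1%' clauses
        if new not in allowed:  # full path: a same-named file elsewhere still alerts
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in unexpected_jp1_spawns(SAMPLE_EVENTS):
        print(ev["ParentProcessName"], "->", ev["NewProcessName"])
```

Matching on the full normalised path rather than the file name is what keeps the third sample record, a binary named like an expected one but stored in a user-writable directory, in the results.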
