LANDesk Management Server - Multiple Vulnerabilities

Multiple vulnerabilities of varying severity have been identified in LDMS Service Update 5.

May 25, 2019

The vendor has been notified of these vulnerabilities. This version is no longer being actively developed (end of life 12/31/2018), so these vulnerabilities will not be patched. However, fixes will be released for supported versions where applicable. These vulnerabilities affect the following LDMS modules:

  • Managed endpoint security settings
  • Provisioning
  • Endpoint encryption / Mac file vault / Device Administration
  • Device Inventory / Vulnerability Management

These vulnerabilities range in severity from inconsequential to critical, and some can be used together to gain full administrative control of the LDMS server and/or a full takeover of managed endpoints.

A list of weaknesses found is as follows:

A list of confirmed vulnerabilities derived from those weaknesses is as follows:

*At least one additional vulnerability is confirmed to affect newer versions of LDMS. I will not publish these vulnerabilities until the vendor confirms that they have been patched.

