In this post we describe a vulnerability we discovered in the Ivanti LanDesk software and how it can be exploited to achieve local privilege escalation via arbitrary code execution. Ivanti disclosed the vulnerability in their advisory on May 28th 2024 assigning it CVE-2024-22058. This vulnerability affects the Ivanti Endpoint Manager (EPM) up