PT-2017-3507 · Manageengine · Manageengine Desktop Central

Publicado

2017-04-12

Atualizado

2017-05-23

CVE-2017-7213

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ManageEngine Desktop Central versions prior to build 100082

Description The issue is related to insufficient input validation in the web interface of ManageEngine Desktop Central, allowing remote attackers to gain control over all connected active desktops.

Recommendations For ManageEngine Desktop Central versions prior to build 100082, update to build 100082 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface until the update is applied.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2018-00354

CVE-2017-7213

Produtos afetados

Manageengine Desktop Central

PT-2017-3507 · Manageengine · Manageengine Desktop Central

CVE-2017-7213

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3