PT-2019-12996 · Zoho Manageengine · Desktopcentral+2

Publicado

2019-07-17

Atualizado

2020-08-24

CVE-2019-12876

CVSS v2.0

8.5

Alta

Vetor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ADManager Plus version 6.6.5 Zoho ManageEngine ADSelfService Plus version 5.7 Zoho ManageEngine DesktopCentral version 10.0.380

Description The issue is related to Insecure Permissions, which can lead to Privilege Escalation from low-level privileges to System. This allows an attacker to gain higher privileges than intended.

Recommendations For Zoho ManageEngine ADManager Plus version 6.6.5, update the permissions configuration to ensure proper access control. For Zoho ManageEngine ADSelfService Plus version 5.7, restrict access to sensitive features to prevent exploitation. For Zoho ManageEngine DesktopCentral version 10.0.380, consider disabling any features that rely on the insecure permissions until a proper fix is applied.

Exploit

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2019-12876

Produtos afetados

Admanager Plus

Adselfservice Plus

Desktopcentral

PT-2019-12996 · Zoho Manageengine · Desktopcentral+2

CVE-2019-12876

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4