PT-2019-15146 · Zoho+1 · Zoho Manageengine Opmanager+2

Guy Levin

Publicado

2019-11-21

Atualizado

2021-04-29

CVE-2019-17421

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine OpManager version 12.4.072 Zoho ManageEngine Firewall Analyzer version 12.4.072

Description The issue arises from incorrect file permissions on the packaged Nipper executable file, allowing local users to elevate privileges to root by overwriting this file with a malicious payload.

Recommendations For Zoho ManageEngine OpManager version 12.4.072, update the file permissions of the Nipper executable to prevent local users from overwriting it. For Zoho ManageEngine Firewall Analyzer version 12.4.072, update the file permissions of the Nipper executable to prevent local users from overwriting it.

Exploit

Correção

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276

Identificadores relacionados

CVE-2019-17421

Produtos afetados

Nipper

Zoho Manageengine Firewall Analyzer

Zoho Manageengine Opmanager

PT-2019-15146 · Zoho+1 · Zoho Manageengine Opmanager+2

CVE-2019-17421

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5