PT-2014-8967 · Manageengine · Manageengine Desktop Central

Andrea Micalizzi

Published

2014-12-11

Updated

2015-03-07

CVE-2014-9371

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ManageEngine Desktop Central MSP versions prior to 90075

Description The issue allows remote attackers to execute arbitrary code via a crafted JSON object. This is related to the NativeAppServlet in ManageEngine Desktop Central MSP.

Recommendations For versions prior to 90075, update to version 90075 or later to resolve the issue. As a temporary workaround, consider restricting access to the NativeAppServlet to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-9371

ZDI-14-420

Affected Products

Manageengine Desktop Central

PT-2014-8967 · Manageengine · Manageengine Desktop Central

CVE-2014-9371

Weakness Enumeration

Related Identifiers

Affected Products

References · 3