PT-2015-3321 · Manageengine · Manageengine Desktop Central

Sinn3R

Published

2015-07-08

Updated

2020-02-17

CVE-2015-8249

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ManageEngine Desktop Central versions prior to 9 build 91093

Description The issue is related to the FileUploadServlet class in ManageEngine Desktop Central, which lacks restrictions on file uploads. This can be exploited by a remote, unauthenticated attacker to upload and execute arbitrary files in the context of SYSTEM by injecting a null byte at the end of the ConnectionId parameter value.

Recommendations For ManageEngine Desktop Central versions prior to 9 build 91093, update to build 91093 or later to resolve the issue. As a temporary workaround, consider restricting access to the FileUploadServlet class until a patch is applied. Avoid using the ConnectionId parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-158CWE-434

Related Identifiers

BDU:2017-02305

CVE-2015-8249

Affected Products

Manageengine Desktop Central

PT-2015-3321 · Manageengine · Manageengine Desktop Central

CVE-2015-8249

Weakness Enumeration

Related Identifiers

Affected Products

References · 8