PT-2017-3507 · Manageengine · Manageengine Desktop Central

Published

2017-04-12

Updated

2017-05-23

CVE-2017-7213

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ManageEngine Desktop Central versions prior to build 100082

Description The issue is related to insufficient input validation in the web interface of ManageEngine Desktop Central, allowing remote attackers to gain control over all connected active desktops.

Recommendations For ManageEngine Desktop Central versions prior to build 100082, update to build 100082 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface until the update is applied.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2018-00354

CVE-2017-7213

Affected Products

Manageengine Desktop Central

PT-2017-3507 · Manageengine · Manageengine Desktop Central

CVE-2017-7213

Weakness Enumeration

Related Identifiers

Affected Products

References · 3