PT-2018-16910 · Zoho+1 · Zoho Manageengine Desktop Central+1

Published

2018-04-18

Updated

2019-10-03

CVE-2018-5342

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Desktop Central versions 10.0.124 through 10.0.184

Description An issue was discovered where network services, including Desktop Central and PostgreSQL, run with a superuser account.

Recommendations For versions 10.0.124 through 10.0.184, consider running the network services with a non-superuser account to minimize potential risks.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-5342

Affected Products

Postgresql

Zoho Manageengine Desktop Central

PT-2018-16910 · Zoho+1 · Zoho Manageengine Desktop Central+1

CVE-2018-5342

Weakness Enumeration

Related Identifiers

Affected Products

References · 3