PT-2019-12649 · Zoho Manageengine · Patch Manager Plus+17
Hashim Jawad · Published 2019-06-18 · Updated 2020-08-24 · CVE-2019-12133
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine Desktop Central versions 10.0.380
Zoho ManageEngine EventLog Analyzer versions 12.0.2
Zoho ManageEngine ServiceDesk Plus versions 10.0.0
Zoho ManageEngine SupportCenter Plus versions 8.1
Zoho ManageEngine O365 Manager Plus versions 4.0
Zoho ManageEngine Mobile Device Manager Plus versions 9.0.0
Zoho ManageEngine Patch Connect Plus versions 9.0.0
Zoho ManageEngine Vulnerability Manager Plus versions 9.0.0
Zoho ManageEngine Patch Manager Plus versions 9.0.0
Zoho ManageEngine OpManager versions 12.3
Zoho ManageEngine NetFlow Analyzer versions 11.0
Zoho ManageEngine OpUtils versions 11.0
Zoho ManageEngine Network Configuration Manager versions 11.0
Zoho ManageEngine FireWall versions 12.0
Zoho ManageEngine Key Manager Plus versions 5.6
Zoho ManageEngine Password Manager Pro versions 9.9
Zoho ManageEngine Analytics Plus versions 1.0
Zoho ManageEngine Browser Security Plus (affected versions not specified)
Description
The issue is related to local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Services associated with the affected products try to execute binaries such as sc.exe from the current directory upon system start, allowing non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.
Recommendations
For Desktop Central 10.0.380, update the permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders to prevent non-privileged users from escalating privileges.
For EventLog Analyzer 12.0.2, restrict the execution of binaries such as sc.exe from the current directory upon system start.
For ServiceDesk Plus 10.0.0, ensure proper permissions are set for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders.
For SupportCenter Plus 8.1, consider disabling the execution of binaries from the current directory until a patch is available.
For O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Uncontrolled Search Path Element
Incorrect Permission
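One way to check a host for the two conditions in the description (directories under %SYSTEMDRIVE%\ManageEngine writable by non-privileged users, and a copy of sc.exe sitting inside that tree), as an added PowerShell example that is not from the advisory or the vendor. The default install root, the list of low-privileged groups and the function name Get-LowPrivWriteAce are assumptions.

```powershell
# Added audit example (not vendor code). Assumed: default install root and group list.
$Root = Join-Path $env:SystemDrive 'ManageEngine'
$LowPrivSids = @(
    'S-1-1-0',        # Everyone
    'S-1-5-11',       # Authenticated Users
    'S-1-5-32-545',   # BUILTIN\Users
    'S-1-5-4'         # INTERACTIVE
)
# Access-mask bits that allow creating, replacing or re-permissioning content:
# WriteData/CreateFiles, AppendData/CreateDirectories, DeleteSubdirectoriesAndFiles,
# ChangePermissions, TakeOwnership, GENERIC_WRITE, GENERIC_ALL.
$WriteMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000
$SidType = [System.Security.Principal.SecurityIdentifier]

function Get-LowPrivWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    # Ask for rules keyed by SID so localized group names do not matter.
    foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
            [pscustomobject]@{
                Path   = $Path
                Sid    = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Root)) { Write-Output "$Root not present"; return }

# 1) Directories in the tree that low-privileged groups can write to.
$dirs = @(Get-Item -LiteralPath $Root) +
        @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)
$dirs | ForEach-Object { Get-LowPrivWriteAce -Path $_.FullName } |
    Sort-Object Path, Sid -Unique | Format-Table -AutoSize

# 2) Copies of sc.exe inside the tree, compared against the System32 copy.
$sysHash = (Get-FileHash -LiteralPath (Join-Path $env:SystemRoot 'System32\sc.exe')).Hash
Get-ChildItem -LiteralPath $Root -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq 'sc.exe' } |
    Select-Object FullName, LastWriteTime,
        @{ n = 'MatchesSystem32'; e = { (Get-FileHash -LiteralPath $_.FullName).Hash -eq $sysHash } }
```

Run it from an elevated prompt so every sub-folder's ACL is readable; any row in the first table, or any sc.exe listed by the second check, is worth investigating.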
Affected Products
Analytics Plus
Browser Security Plus
Desktopcentral
Eventlog Analyzer
Firewall
Key Manager Plus
Mobile Device Manager Plus
Netflow Analyzer
Network Configuration Manager
O365 Manager Plus
Opmanager
Oputils
Password Manager Pro
Patch Connect Plus
Patch Manager Plus
Servicedesk Plus
Supportcenter Plus
Vulnerability Manager Plus