PT-2019-12996 · Zoho Manageengine · Desktopcentral+2

Published 2019-07-17 · Updated 2020-08-24 · CVE-2019-12876

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine ADManager Plus version 6.6.5
Zoho ManageEngine ADSelfService Plus version 5.7
Zoho ManageEngine DesktopCentral version 10.0.380

Description
The issue is related to insecure permissions, which can lead to privilege escalation from low-level privileges to SYSTEM. This allows an attacker to gain higher privileges than intended.

Recommendations
For Zoho ManageEngine ADManager Plus version 6.6.5, update the permissions configuration to ensure proper access control.
For Zoho ManageEngine ADSelfService Plus version 5.7, restrict access to sensitive features to prevent exploitation.
For Zoho ManageEngine DesktopCentral version 10.0.380, consider disabling any features that rely on the insecure permissions until a proper fix is applied.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2019-12876

Affected Products

Admanager Plus
Adselfservice Plus
Desktopcentral