CVE-2019-17421

HIGH

7.8

Descripcion

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

Detalles CVE

Puntuacion CVSS v3.17.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado11/21/2019

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

zohocorp:manageengine_firewall_analyzerzohocorp:manageengine_opmanager

Debilidades (CWE)

CWE-276

Referencias

https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html(cve@mitre.org)

https://twitter.com/va_start(cve@mitre.org)

https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html(cve@mitre.org)

https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html(af854a3a-2127-422b-91ae-364da2661108)

https://twitter.com/va_start(af854a3a-2127-422b-91ae-364da2661108)

https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.