← Zuruck zu CVEs
CVE-2019-17421
HIGH7.8
Beschreibung
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.
CVE Details
CVSS v3.1 Bewertung7.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht11/21/2019
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
zohocorp:manageengine_firewall_analyzerzohocorp:manageengine_opmanager
Schwachen (CWE)
CWE-276
Referenzen
https://twitter.com/va_start(cve@mitre.org)
https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html(af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/va_start(af854a3a-2127-422b-91ae-364da2661108)
https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.