CVE-2017-14123

Published: Sep 4, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.

Affected (1)

Products: Zohocorp: Manageengine Firewall Analyzer

1 product

Manageengine Firewall Analyzer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Firewall Analyzer	Version 12.2 12200

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://blogs.securiteam.com/index.php/archives/3228

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://pitstop.manageengine.com/portal/kb/articles/latest-consolidated-patch

Source: cve@mitre.org

PatchVendor Advisory

https://blogs.securiteam.com/index.php/archives/3228

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://pitstop.manageengine.com/portal/kb/articles/latest-consolidated-patch

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.