CVE-2019-17421

Published: Nov 21, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

Affected (2)

Products: Zohocorp: Manageengine Firewall Analyzer, Manageengine Opmanager

Zohocorp

2 products

Manageengine Firewall Analyzer

Manageengine Opmanager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Firewall Analyzer	Version 12.4 124072
Zohocorp Manageengine Opmanager	Version 12.4 build124072

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html

Source: cve@mitre.org

Third Party Advisory

https://twitter.com/va_start

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html

Source: cve@mitre.org

PatchVendor Advisory

https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://twitter.com/va_start

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.