CVE-2014-5007

Опубликовано: 17 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.

Ссылки

http://seclists.org/fulldisclosure/2014/Aug/88
Exploit
Mailing List
Third Party Advisory
https://www.manageengine.com/products/desktop-central/remote-code-execution.html
Vendor Advisory
http://seclists.org/fulldisclosure/2014/Aug/88
Exploit
Mailing List
Third Party Advisory
https://www.manageengine.com/products/desktop-central/remote-code-execution.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:*

Версия от 7.0 (включая) до 9.0 (включая)

cpe:2.3:a:zohocorp:manageengine_desktop_central_managed_service_providers:*:*:*:*:*:*:*:*

Версия от 7.0 (включая) до 9.0 (включая)

EPSS

Процентиль: 98%

0.51612

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-7f93-hqwq-9wxf

github

больше 3 лет назад