CVE-2019-17421

Опубликовано: 21 нояб. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

Ссылки

https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html
Third Party Advisory
https://twitter.com/va_start
Exploit
Third Party Advisory
https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html
Patch
Vendor Advisory
https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html
Third Party Advisory
https://twitter.com/va_start
Exploit
Third Party Advisory
https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.4:124072:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124072:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00089

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-xcv5-pjw7-mgp9

github

больше 3 лет назад