CVE-2019-17421

Sažetak

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

Reference

https://twitter.com/va_start
https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html
https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-04-2021 - 18:17

Objavljeno

21-11-2019 - 15:15