Search...

CVE-2014-9371

2014-12-16T18:59:00

ID CVE-2014-9371
Type cve
Reporter cve@mitre.org
Modified 2015-03-07T03:30:00

Description

The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.

JSON Vulners Source

Initial Source

{"id": "CVE-2014-9371", "bulletinFamily": "NVD", "title": "CVE-2014-9371", "description": "The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.", "published": "2014-12-16T18:59:00", "modified": "2015-03-07T03:30:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9371", "reporter": "cve@mitre.org", "references": ["http://www.zerodayinitiative.com/advisories/ZDI-14-420/"], "cvelist": ["CVE-2014-9371"], "type": "cve", "lastseen": "2021-02-02T06:14:36", "edition": 6, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "zdt", "idList": ["1337DAY-ID-23002"]}, {"type": "zdi", "idList": ["ZDI-14-420"]}, {"type": "nessus", "idList": ["MANAGEENGINE_DESKTOP_CENTRAL_MSP_BUILD_90075_JSON_RCE.NASL"]}], "modified": "2021-02-02T06:14:36", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2021-02-02T06:14:36", "rev": 2}, "vulnersScore": 8.3}, "cpe": ["cpe:/a:zohocorp:manageengine_desktop_central:9.0"], "affectedSoftware": [{"cpeName": "zohocorp:manageengine_desktop_central", "name": "zohocorp manageengine desktop central", "operator": "le", "version": "9.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:zohocorp:manageengine_desktop_central:9.0:*:*:*:managed_service_providers:*:*:*"], "cwe": ["CWE-20"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_desktop_central:9.0:*:*:*:managed_service_providers:*:*:*", "versionEndIncluding": "9.0", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-420/", "refsource": "MISC", "tags": [], "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-420/"}], "immutableFields": []}

{"zdt": [{"lastseen": "2018-03-19T17:07:26", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability.\r The specific flaw exists within the NativeAppServlet servlet. The issue lies in the failure to sanitize JSON data before processing it. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.\n\nThis is private exploit. You can buy it at https://0day.today", "edition": 2, "published": "2014-12-13T00:00:00", "type": "zdt", "title": "ManageEngine Desktop Central MSP Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-9371"], "modified": "2014-12-13T00:00:00", "id": "1337DAY-ID-23002", "href": "https://0day.today/exploit/description/23002", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "zdi": [{"lastseen": "2020-06-22T11:40:41", "bulletinFamily": "info", "cvelist": ["CVE-2014-9371"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NativeAppServlet servlet. The issue lies in the failure to sanitize JSON data before processing it. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.", "modified": "2014-06-22T00:00:00", "published": "2014-12-11T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-420/", "id": "ZDI-14-420", "title": "ManageEngine Desktop Central MSP NativeAppServlet UDID JSON Object Code Injection Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-20T12:02:12", "description": "The version of ManageEngine Desktop Central MSP installed on the\nremote host is affected by a remote code execution vulnerability due\nto a failure by NativeAppServlet to properly sanitize JSON data before\nprocessing it. A remote attacker, using a crafted JSON object, can\nexploit this to execute arbitrary code.", "edition": 26, "published": "2015-03-09T00:00:00", "title": "ManageEngine Desktop Central NativeAppServlet UDID JSON RCE", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9371"], "modified": "2015-03-09T00:00:00", "cpe": ["cpe:/a:zohocorp:manageengine_desktop_central"], "id": "MANAGEENGINE_DESKTOP_CENTRAL_MSP_BUILD_90075_JSON_RCE.NASL", "href": "https://www.tenable.com/plugins/nessus/81704", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81704);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9371\");\n script_bugtraq_id(71641);\n\n script_name(english:\"ManageEngine Desktop Central NativeAppServlet UDID JSON RCE\");\n script_summary(english:\"Checks the build number of Desktop Central MSP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a Java web application that allows\nexecution of arbitrary code.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ManageEngine Desktop Central MSP installed on the\nremote host is affected by a remote code execution vulnerability due\nto a failure by NativeAppServlet to properly sanitize JSON data before\nprocessing it. A remote attacker, using a crafted JSON object, can\nexploit this to execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-14-420/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ManageEngine Desktop Central MSP 9 Build 90075 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:zohocorp:manageengine_desktop_central\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"manageengine_desktop_central_detect.nbin\");\n script_require_keys(\"installed_sw/ManageEngine Desktop Central\");\n script_require_ports(\"Services/www\", 8040);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nappname = \"ManageEngine Desktop Central\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\n\nport = get_http_port(default:8040);\n\ninstall = get_single_install(\n app_name : appname,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install[\"path\"];\nversion = install[\"version\"];\nbuild = install[\"build\"];\nismsp = install[\"MSP\"];\nrep_version = version;\nif(build != UNKNOWN_VER)\n rep_version += \" Build \"+build;\ninstall_url = build_url(port:port, qs:dir);\n\n# Only MSP known to be affected\nif(!ismsp)\n exit(0, \"Only the Managed Service Providers edition of Desktop Central is known to be affected.\");\nelse\n appname += \" (MSP)\";\n\nif (version =~ \"^9(\\.|$)\" && build == UNKNOWN_VER) \n exit(0, \"The build number of \"+appname+\" version \" +rep_version+ \" listening at \" +install_url+ \" could not be determined.\");\n\n# All versions < 9 Build 90075\nif (\n version =~ \"^9(\\.|$)\" && int(build) < 90075 ||\n version =~ \"^[1-8](\\.|$)\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + install_url +\n '\\n Installed version : ' + rep_version + \n '\\n Fixed version : 9 Build 90075' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url, rep_version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}