Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-12133
HistoryJun 18, 2019 - 10:15 p.m.

CVE-2019-12133

2019-06-1822:15:12
CWE-427
CWE-732
[email protected]
web.nvd.nist.gov
107
zoho
manageengine
products
local privilege escalation
vulnerability
cve-2019-12133
nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.4%

JSON

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.

Affected configurations

NVD
Node
zohocorpmanageengine_analytics_plusMatch1.0
OR
zohocorpmanageengine_browser_security_plusMatch-
OR
zohocorpmanageengine_desktop_centralMatch10.0.380
OR
zohocorpmanageengine_eventlog_analyzerMatch12.0.2
OR
zohocorpmanageengine_firewallMatch12.0
OR
zohocorpmanageengine_key_manager_plusMatch5.6
OR
zohocorpmanageengine_mobile_device_manager_plusMatch9.0.0
OR
zohocorpmanageengine_netflow_analyzerMatch11.0
OR
zohocorpmanageengine_network_configuration_managerMatch11.0
OR
zohocorpmanageengine_o365_manager_plusMatch4.0
OR
zohocorpmanageengine_opmanagerMatch12.3
OR
zohocorpmanageengine_oputilsMatch11.0
OR
zohocorpmanageengine_password_manager_proMatch9.9
OR
zohocorpmanageengine_patch_connect_plusMatch9.0.0
OR
zohocorpmanageengine_patch_manager_plusMatch9.0.0
OR
zohocorpmanageengine_servicedesk_plusMatch10.0.0
OR
zohocorpmanageengine_supportcenter_plusMatch8.1
OR
zohocorpmanageengine_vulnerability_manager_plusMatch9.0.0
CPENameOperatorVersion
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq1.0
zohocorp:manageengine_browser_security_pluszohocorp manageengine browser security pluseq-
zohocorp:manageengine_desktop_centralzohocorp manageengine desktop centraleq10.0.380
zohocorp:manageengine_eventlog_analyzerzohocorp manageengine eventlog analyzereq12.0.2
zohocorp:manageengine_firewallzohocorp manageengine firewalleq12.0
zohocorp:manageengine_key_manager_pluszohocorp manageengine key manager pluseq5.6
zohocorp:manageengine_mobile_device_manager_pluszohocorp manageengine mobile device manager pluseq9.0.0
zohocorp:manageengine_netflow_analyzerzohocorp manageengine netflow analyzereq11.0
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managereq11.0
zohocorp:manageengine_o365_manager_pluszohocorp manageengine o365 manager pluseq4.0
Rows per page:
1-10 of 181

Related

prion 1
cvelist 1
nvd 1
prion
prion
Design/Logic Flaw
2019-06-18 22:15:00
cvelist
cvelist
CVE-2019-12133
2019-06-18 21:27:25
nvd
nvd
CVE-2019-12133
2019-06-18 22:15:12

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.4%

JSON
Related for CVE-2019-12133
prion1cvelist1nvd1