CVE-2018-13411

2018-09-1216:00:00

mitre

www.cve.org

AI Score

8.5

Confidence

High

EPSS

0.015

Percentile

86.8%

JSON

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.

References

www.securityfocus.com/bid/105348

github.com/AJ-SA/Zoho-ManageEngine/blob/master/README.md

www.manageengine.com/products/desktop-central/elevation-of-system-privilege.html