CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
AI Score
Confidence: Low
The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2400.15 or prior to 11.3.2406.08. It is, therefore, affected by an incorrect authorization vulnerability. For more information, consult the vendor advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
  script_id(206714);
  script_version("1.2");

  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/09");

  script_cve_id("CVE-2024-38868");
  script_xref(name:"IAVA", value:"2024-A-0539");

  script_name(english:"ManageEngine Endpoint Central < 11.3.2400.15 , < 11.3.2406.08 Incorrect Authorization vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The remote ManageEngine Endpoint Central host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of ManageEngine Endpoint Central installed on the remote Windows host is either prior to 11.3.2400.15
or prior to 11.3.2406.08. It is,therefore, affected by an incorrect authorization vulnerability. For more
information, consult the vendor advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://www.manageengine.com/products/desktop-central/security-updates-ngav.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6e052dc2");
  script_set_attribute(attribute:"solution", value:
"Upgrade to ManageEngine Endpoint Central versions 11.3.2400.15, 11.3.2406.08 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-38868");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/06");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:zohocorp:manageengine_endpoint_central");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("manageengine_desktop_central_installed.nbin");
  script_require_keys("installed_sw/ManageEngine Desktop Central");

  exit(0);
}

include('vcf.inc');

# The install is looked up under the product's former name, ManageEngine Desktop Central.
var app_info = vcf::combined_get_app_info(app:'ManageEngine Desktop Central');

# Two separate ranges: anything below 11.3.2400.15, and the 11.3.2406.x builds below 11.3.2406.08.
var constraints = [
  { 'fixed_version' : '11.3.2400.15' },
  { 'min_version' : '11.3.2406.00', 'fixed_version' : '11.3.2406.08' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);
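The same two version ranges can be applied to a software inventory export when a live scan is not available. This is an added example, not Tenable's code: the host names and versions are constructed, the function names are hypothetical, and zero-padding short version strings before comparison is an assumption. It also shows that builds from 11.3.2400.15 up to, but not including, 11.3.2406.00 are not flagged by these constraints.

```python
# Added example: the plugin's two version constraints applied offline.
# SAMPLE_INVENTORY is constructed; zero-padding short versions is an assumption.

CONSTRAINTS = [
    {"fixed_version": "11.3.2400.15"},
    {"min_version": "11.3.2406.00", "fixed_version": "11.3.2406.08"},
]

SAMPLE_INVENTORY = {  # constructed host names and versions
    "ec-01": "11.3.2400.14",
    "ec-02": "11.3.2400.15",
    "ec-03": "11.3.2404.3",
    "ec-04": "11.3.2406.07",
    "ec-05": "11.3.2406.8",
    "ec-06": "10.1.2137.9",
}


def parse_version(text, width=4):
    """'11.3.2406.08' -> (11, 3, 2406, 8), zero-padded to `width` parts."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (width - len(nums)))


def matching_fix(version):
    """Return the fixed_version of the first constraint that flags `version`, else None."""
    v = parse_version(version)
    for c in CONSTRAINTS:
        below_fix = v < parse_version(c["fixed_version"])
        at_or_above_min = "min_version" not in c or v >= parse_version(c["min_version"])
        if at_or_above_min and below_fix:
            return c["fixed_version"]
    return None


def triage(inventory):
    """List (host, version, fixed_version) for every flagged host, sorted by host."""
    hits = []
    for host, version in sorted(inventory.items()):
        fix = matching_fix(version)
        if fix:
            hits.append((host, version, fix))
    return hits


if __name__ == "__main__":
    for host, version, fix in triage(SAMPLE_INVENTORY):
        print(f"{host}: {version} is below {fix}, upgrade required")
```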