Design/Logic Flaw

2019-11-2115:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

CPENameOperatorVersion
manageengine_firewall_analyzereq12.4 124072
manageengine_opmanagereq12.4 build124072

CPE	Name	Operator	Version
	manageengine_firewall_analyzer	eq	12.4 124072
	manageengine_opmanager	eq	12.4 build124072

References

blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html

twitter.com/va_start

www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html