CVE-2018-19374

Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation

Severity Score: 7.0 (CVSS v3)

Public Exploits: 2 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)

Descriptions

Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.

Zoho ManageEngine ADManager Plus version 6.6 build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file in the permissive bin directory.

Zoho ManageEngine ADManager Plus version 6.6 builds prior to 6659 suffer from a privilege escalation vulnerability.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Local
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2018-11-20 CVE Reserved
  • 2019-04-16 CVE Published
  • 2019-04-16 First Exploit
  • 2024-04-23 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Zohocorp | Manageengine Admanager Plus | 6.6 | 6657 | Affected