CVE-2019-17421
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.
Los permisos de archivo incorrectos en el archivo ejecutable Nipper empaquetado en Zoho ManageEngine OpManager versión 12.4.072 y Firewall Analyzer versión 12.4.072, permiten a usuarios locales elevar los privilegios de root al sobrescribir este archivo con una carga maliciosa.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-10-09 CVE Reserved
- 2019-11-21 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://twitter.com/va_start | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html | 2021-04-29 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zohocorp Search vendor "Zohocorp" | Manageengine Firewall Analyzer Search vendor "Zohocorp" for product "Manageengine Firewall Analyzer" | 12.4 Search vendor "Zohocorp" for product "Manageengine Firewall Analyzer" and version "12.4" | 124072 |
Affected
| ||||||
| Zohocorp Search vendor "Zohocorp" | Manageengine Opmanager Search vendor "Zohocorp" for product "Manageengine Opmanager" | 12.4 Search vendor "Zohocorp" for product "Manageengine Opmanager" and version "12.4" | build124072 |
Affected
| ||||||