// For flags

CVE-2019-17421

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

Los permisos de archivo incorrectos en el archivo ejecutable Nipper empaquetado en Zoho ManageEngine OpManager versión 12.4.072 y Firewall Analyzer versión 12.4.072, permiten a usuarios locales elevar los privilegios de root al sobrescribir este archivo con una carga maliciosa.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-10-09 CVE Reserved
  • 2019-11-21 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-276: Incorrect Default Permissions
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Zohocorp
Search vendor "Zohocorp"
Manageengine Firewall Analyzer
Search vendor "Zohocorp" for product "Manageengine Firewall Analyzer"
12.4
Search vendor "Zohocorp" for product "Manageengine Firewall Analyzer" and version "12.4"
124072
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Opmanager
Search vendor "Zohocorp" for product "Manageengine Opmanager"
12.4
Search vendor "Zohocorp" for product "Manageengine Opmanager" and version "12.4"
build124072
Affected