CVE-2019-17421
Summary
| CVE | CVE-2019-17421 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-11-21 15:15:00 UTC |
| Updated | 2021-04-29 18:17:00 UTC |
| Description | Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload. |
Risk And Classification
Problem Types: CWE-276
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zohocorp | Manageengine Firewall Analyzer | 12.4 | 124072 | All | All |
| Application | Zohocorp | Manageengine Firewall Analyzer | 12.4 | 124072 | All | All |
| Application | Zohocorp | Manageengine Opmanager | 12.4 | 124072 | All | All |
| Application | Zohocorp | Manageengine Opmanager | 12.4 | build124072 | All | All |
| Application | Zohocorp | Manageengine Opmanager | 12.4 | 124072 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Updates - CVE-2019-17421 | ManageEngine Firewall Analyzer | CONFIRM | www.manageengine.com | Patch, Vendor Advisory |
| (...) ⏣ (@va_start) | Twitter | MISC | twitter.com | Exploit, Third Party Advisory |
| CVE-2019-17421 Privilege Escalation Vulnerability In Zoho's OpManager & Firewall Analyzer | MISC | blog.vastart.dev | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.