CVE-2018-13411

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
zohocorpmanageengine_desktop_central
𝑥
< 10.0.282
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105348
https://github.com/AJ-SA/Zoho-ManageEngine/blob/master/README.md
https://www.manageengine.com/products/desktop-central/elevation-of-system-privilege.html
http://www.securityfocus.com/bid/105348
https://github.com/AJ-SA/Zoho-ManageEngine/blob/master/README.md
https://www.manageengine.com/products/desktop-central/elevation-of-system-privilege.html