CVE-2019-17421

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
zohocorpmanageengine_firewall_analyzer
12.4:124072
zohocorpmanageengine_opmanager
12.4:build124072
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html
https://twitter.com/va_start
https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html
https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html
https://twitter.com/va_start
https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html