Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.
References
Link | Resource |
---|---|
https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html | Third Party Advisory |
https://twitter.com/va_start | Exploit Third Party Advisory |
https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-21T14:36:02
Updated: 2019-11-29T18:40:57
Reserved: 2019-10-09T00:00:00
Link: CVE-2019-17421
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-11-21T15:15:14.790
Modified: 2021-04-29T18:17:21.697
Link: CVE-2019-17421
JSON object: View
Redhat Information
No data.
CWE