ManageEngine Desktop Central Tools Execution Status Update RCE (intrusive check)

critical Nessus Plugin ID 86472

Synopsis

The remote web server contains a Java-based web application that is affected by a remote code execution vulnerability.

Description

The version of ManageEngine Desktop Central running on the remote host is affected by an unspecified remote code execution vulnerability in the system tools execution status updates due to a failure to properly sanitize user-supplied input. A remote, unauthenticated attacker can exploit this to upload to the remote host files containing arbitrary code and then execute them with NT-AUTHORITY\SYSTEM privileges.

Note that this plugin tries to upload a JSP file to <DocumentRoot> (i.e., C:\ManageEngine\DesktopCentral_Server\webapps\DesktopCentral\) and then fetch it, thus executing the Java code in the JSP file. The plugin attempts to delete the JSP file after a successful upload and fetch. The user is advised to delete the JSP file if Nessus fails to delete it.

Solution

Upgrade to ManageEngine Desktop Central 9 build 91050 or later.

See Also

http://www.nessus.org/u?89099720

http://www.nessus.org/u?35dc5cab

Plugin Details

Severity: Critical

ID: 86472

File Name: manageengine_desktop_central_status_update_rce.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 10/21/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:zohocorp:manageengine_desktop_central

Required KB Items: installed_sw/ManageEngine Desktop Central

Exploited by Nessus: true

Patch Publication Date: 7/20/2015

Vulnerability Publication Date: 7/13/2015