CVE-2019-17421

high

Description

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

References

https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html

https://twitter.com/va_start

https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html

Details

Source: Mitre, NVD

Published: 2019-11-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H