ManageEngine Desktop Central AgentLogUploadServlet Arbitrary File Upload RCE (intrusive check)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a Java-based web application that is
affected by a remote code execution vulnerability.

Description :

The version of ManageEngine Desktop Central running on the remote host
is affected by a remote code execution vulnerability due to a failure
by the AgentLogUploadServlet script to properly sanitize user-supplied
input to the 'fileName' parameter. A remote, unauthenticated attacker
can exploit this to upload to the remote host files containing
arbitrary code and then execute them with NT-AUTHORITY\SYSTEM

Note that this plugin tries to upload a JSP file to <DocumentRoot>
(i.e., C:\ManageEngine\DesktopCentral_Server\webapps\DesktopCentral\)
and then fetch it, thus executing the Java code in the JSP file. The
plugin attempts to delete the JSP file after a successful upload and
fetch. The user is advised to delete the JSP file if Nessus fails to
delete it.

See also :

Solution :

Upgrade to ManageEngine Desktop Central 8 build 80293 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 71217 ()

Bugtraq ID: 63784

CVE ID: CVE-2013-7390

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now