ManageEngine Desktop Central 10 < Build 100282 Remote Privilege Escalation

high Nessus Plugin ID 117639

Synopsis

The remote web server contains a Java-based web application that is affected by a remote privilege escalation.

Description

The ManageEngine Desktop Central application running on the remote host is version 10 prior to build 100282. It is, therefore, affected by a remote privilege escalation vulnerability.

Solution

Upgrade to ManageEngine Desktop Central version 10 build 100282 or later.

See Also

http://www.nessus.org/u?ddf441fc

Plugin Details

Severity: High

ID: 117639

File Name: manageengine_desktop_central_100282.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 9/21/2018

Updated: 5/2/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2018-13411

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:zohocorp:manageengine_desktop_central

Required KB Items: installed_sw/ManageEngine Desktop Central

Exploit Ease: No known exploits are available

Patch Publication Date: 8/23/2018

Vulnerability Publication Date: 8/23/2018

Reference Information

CVE: CVE-2018-13411, CVE-2018-13412

BID: 105348

IAVA: 2018-A-0302-S