ManageEngine Desktop Central 10 < Build 100282 Remote Privilege Escalation

High Nessus Plugin ID 117639

Synopsis

The remote web server contains a Java-based web application that is affected by a remote privilege escalation.

Description

The ManageEngine Desktop Central application running on the remote host is version 10 prior to build 100282. It is, therefore, affected by a remote privilege escalation vulnerability.

Solution

Upgrade to ManageEngine Desktop Central version 10 build 100282 or later.

See Also

http://www.nessus.org/u?ddf441fc

Plugin Details

Severity: High

ID: 117639

File Name: manageengine_desktop_central_100282.nasl

Version: 1.3

Type: remote

Family: CGI abuses

Published: 2018/09/21

Updated: 2018/12/07

Dependencies: 71216

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2018-13411

CVSS v2.0

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:zohocorp:manageengine_desktop_central

Required KB Items: installed_sw/ManageEngine Desktop Central

Patch Publication Date: 2018/08/23

Vulnerability Publication Date: 2018/08/23

Reference Information

CVE: CVE-2018-13411, CVE-2018-13412

BID: 105348

IAVA: 2018-A-0302