Privilege Escalation via Clickable Company Logo in Zoho ManageEngine Desktop Central

Privilege Escalation via Clickable Company Logo in Zoho ManageEngine Desktop Central

CVE-2018-13411 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.

Learn more about our Cis Benchmark Audit For Desktop Software.