Privilege Escalation via Clickable Company Logo in Zoho ManageEngine Desktop Central

Privilege Escalation via Clickable Company Logo in Zoho ManageEngine Desktop Central

CVE-2018-13412 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.

Learn more about our Cis Benchmark Audit For Desktop Software.