Privilege Escalation via Incorrect File Permissions in Zoho ManageEngine OpManager and Firewall Analyzer

Privilege Escalation via Incorrect File Permissions in Zoho ManageEngine OpManager and Firewall Analyzer

CVE-2019-17421 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.

Learn more about our User Device Pen Test.