Detections
Analytics

ManageEngine Desktop Central AgentLogUploadServlet Arbitrary File Upload

critical Nessus Plugin ID 71218

Language:

Synopsis

The remote web server contains a Java web application that allows for arbitrary file uploads.

Description

The version of ManageEngine Desktop Central installed on the remote host is affected by an arbitrary file upload vulnerability due to the 'AgentLogUploadServlet' script not properly sanitizing user-supplied input to the 'filename' parameter. A remote, unauthenticated attacker can exploit this issue to upload files containing arbitrary code and then execute them on the remote host with NT-AUTHORITY\SYSTEM privileges.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to ManageEngine Desktop Central 8.0.0 build 80293 or later.

See Also

https://seclists.org/fulldisclosure/2013/Nov/130

http://www.nessus.org/u?f57da24d

https://seclists.org/fulldisclosure/2013/Nov/152

Plugin Details

Severity: Critical

ID: 71218

File Name: manageengine_desktop_central_build_80292_file_upload.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 12/4/2013

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:zohocorp:manageengine_desktop_central

Required KB Items: installed_sw/ManageEngine Desktop Central

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/30/2013

Vulnerability Publication Date: 11/18/2013

Exploitable With

Metasploit (ManageEngine Desktop Central AgentLogUpload Arbitrary File Upload)

Reference Information

CVE: CVE-2013-7390

BID: 63784