ManageEngine Desktop Central 8 / 9 < Build 91100 Multiple RCE

critical Nessus Plugin ID 90192

Synopsis

The remote web server contains a Java-based web application that is affected by multiple remote code execution vulnerabilities.

Description

The ManageEngine Desktop Central application running on the remote host is version 8, or else version 9 prior to build 91100. It is, therefore, affected by multiple remote code execution vulnerabilities :

- A flaw exists in the statusUpdate script due to a failure to properly sanitize user-supplied input to the 'fileName' parameter. An unauthenticated, remote attacker can exploit this, via a crafted request to upload a PHP file that has multiple file extensions and by manipulating the 'applicationName' parameter, to make a direct request to the uploaded file, resulting in the execution of arbitrary code with NT-AUTHORITY\SYSTEM privileges. (CVE-2015-82001)

- An unspecified flaw exists in various servlets that allow an unauthenticated, remote attacker to execute arbitrary code. No further details are available.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to ManageEngine Desktop Central version 9 build 91100 or later.

See Also

http://www.nessus.org/u?89099720

Plugin Details

Severity: Critical

ID: 90192

File Name: manageengine_desktop_central_91100.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 3/25/2016

Updated: 11/19/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:zohocorp:manageengine_desktop_central

Required KB Items: installed_sw/ManageEngine Desktop Central

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/12/2015

Vulnerability Publication Date: 12/14/2015

Reference Information

CVE: CVE-2015-82001