What is CVE-2014-5005?

CVE-2014-5005 is a vulnerability in Zohocorp Manageengine_desktop_central, classified under Path Traversal. Published 2014-10-21.

Is CVE-2014-5005 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Zohocorp Manageengine_desktop_central

CVE-2014-5005

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.858 (99.4th percentile) — read the EPSS interpretation.

Affected products

Zohocorp Manageengine_desktop_central
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20140831 [The ManageOwnage Series, part III]: Multiple vulnerabilities / RCE in ManageEngine Desktop Central (mailing-list, Exploit, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (Exploit, x_refsource_MISC)
110643 (x_refsource_OSVDB, vdb-entry)
34594 (Exploit, exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2014-5005?: CVE-2014-5005 is a vulnerability in Zohocorp Manageengine_desktop_central, classified under Path Traversal. Published 2014-10-21.
Is CVE-2014-5005 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.