What is CVE-2014-7862?

CVE-2014-7862 is a vulnerability in N/a. Published 2018-01-04.

Is CVE-2014-7862 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2014-7862

The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.

EPSS: 0.814 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html (x_refsource_MISC)
github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt (x_refsource_MISC)
71849 (vdb-entry, x_refsource_BID)
20141231 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central (mailing-list, x_refsource_BUGTRAQ)
desktopcentral-cve20147862-sec-bypass(99595) (vdb-entry, x_refsource_XF)
www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-… (x_refsource_CONFIRM)
www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin (x_refsource_MISC)
20150102 [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2014-7862?: CVE-2014-7862 is a vulnerability in N/a. Published 2018-01-04.
Is CVE-2014-7862 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.