Vulnerability in Zohocorp Manageengine_firewall_analyzer
CVE-2019-17421
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.
EPSS: 0.006 (41.9th percentile).
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Zohocorp Manageengine_firewall_analyzer — versions 12.4
- Zohocorp Manageengine_opmanager — versions 12.4
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
- cve@mitre.org (Third Party Advisory, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
Frequently asked questions
- What is CVE-2019-17421?
  CVE-2019-17421 is a high-severity vulnerability in Zohocorp Manageengine_firewall_analyzer, classified under Incorrect Default Permissions. CVSS score: 7.8/10. Published 2019-11-21.
- How severe is CVE-2019-17421?
  High severity. CVSS v3 base score is 7.8 out of 10.