CVE-2014-7862

Exploit

EPSS 81.4%
Veröffentlicht 04.01.2018 17:29:00
Zuletzt bearbeitet 21.11.2024 02:18:09
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zohocorp ≫ Desktop Central SwEditionmanaged_service_providers Version < 90109

Zohocorp ≫ Desktop Central Version >= 7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	81.4%	0.991

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html

Third Party Advisory

VDB Entry

Issue Tracking

http://seclists.org/fulldisclosure/2015/Jan/2

Third Party Advisory

Mailing List

Issue Tracking

http://www.securityfocus.com/archive/1/534356/100/0/threaded

http://www.securityfocus.com/bid/71849

Third Party Advisory

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/99595

Third Party Advisory

VDB Entry

Issue Tracking

https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt

Third Party Advisory

https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html

Third Party Advisory

https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2014-7862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-7862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-7862

EUVD