CVE-2014-7862

Exploit

EPSS 81.4%
Published 04.01.2018 17:29:00
Last modified 21.11.2024 02:18:09
Source cve@mitre.org
Teams watchlist Login
Open Login

The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.

Affected products Warnungen 0 Metrics 3 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Desktop Central SwEditionmanaged_service_providers Version < 90109

Zohocorp ≫ Desktop Central Version >= 7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	81.4%	0.991

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html

Third Party Advisory

VDB Entry

Issue Tracking

http://seclists.org/fulldisclosure/2015/Jan/2

Third Party Advisory

Mailing List

Issue Tracking

http://www.securityfocus.com/archive/1/534356/100/0/threaded

http://www.securityfocus.com/bid/71849

Third Party Advisory

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/99595

Third Party Advisory

VDB Entry

Issue Tracking

https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt

Third Party Advisory

https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html

Third Party Advisory

https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2014-7862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-7862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-7862

EUVD