Vulnerability Details CVE-2014-7862
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.819
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html
- http://seclists.org/fulldisclosure/2015/Jan/2
- http://www.securityfocus.com/archive/1/534356/100/0/threaded
- http://www.securityfocus.com/bid/71849
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99595
- https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt
- https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html
- https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin
- http://packetstormsecurity.com/files/129769/Desktop-Central-Add-Administrator.html
- http://seclists.org/fulldisclosure/2015/Jan/2
- http://www.securityfocus.com/archive/1/534356/100/0/threaded
- http://www.securityfocus.com/bid/71849
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99595
- https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/me_dc9_admin.txt
- https://www.manageengine.com/products/desktop-central/cve20147862-unauthorized-account-creation.html
- https://www.rapid7.com/db/modules/auxiliary/admin/http/manage_engine_dc_create_admin
Products affected by CVE-2014-7862
-
cpe:2.3:a:zohocorp:desktop_central:*
-
cpe:2.3:a:zohocorp:desktop_central:7
-
cpe:2.3:a:zohocorp:desktop_central:8
-
cpe:2.3:a:zohocorp:desktop_central:9
-
cpe:2.3:a:zohocorp:desktop_central:90109