Vulnerability Details CVE-2018-13412
An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://www.securityfocus.com/bid/105348
- https://github.com/AJ-SA/Zoho-ManageEngine/blob/master/README.md
- https://www.manageengine.com/products/desktop-central/elevation-of-system-privilege.html
- http://www.securityfocus.com/bid/105348
- https://github.com/AJ-SA/Zoho-ManageEngine/blob/master/README.md
- https://www.manageengine.com/products/desktop-central/elevation-of-system-privilege.html
Products affected by CVE-2018-13412
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:-
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.124
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.137
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.184
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.255
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.271
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:7.0.1
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:8.0.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:9.0
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:9.1.0