Elevation of Privilege

This document explains the CVE-2019-12133 privilege-elevation vulnerability that have been reported.

Vulnerability ID : CVE-2019-12133
Update Release build : 100348
Update Release Date : 23-August-2019
Reported by: Hashim Jawad from ACTIVELabs

 

What was the problem?

Improper permissions of C:\ManageEngine directory which allowed non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.

How to fix it?

These vulnerabilities have been identified and fixed. To apply the fix, follow the steps mentioned below:

    1. Log in to your Patch Manager Plus console, click on your current build number on the top right corner.
    2. You can find the latest build applicable to you. Download the PPM and update.

 

Keywords: Query Execution, Security Updates, Vulnerabilities and Fixes.