| Vulnerability Details | |
|---|---|
| Impact | The vulnerability enables local users to elevate privileges to root. Users can perform this action by executing malicious payload with Nipper executable files. |
| Reported on | 09 Sep 2019 |
| Reported by | Guy Levin (@va_start) |
| Fixed on | 26 Nov 2019 |
| Affected Builds | Build till 124078 & 124081 to 124098 |
| Fixed in | Builds 124079 and 124099 |
| Overview | Incorrect file permissions on the packaged Nipper executable file |
| Recommended Fix | For builds till 124078: Upgrade to Firewall Analyzer version 124079. For builds from 124081 to 124098: Contact our support team. |
Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload.
We recommend that you upgrade to Firewall Analyzer version 12.4.079 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2019-17421 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at fwanalyzer-support@manageengine.com