Privilege Escalation Vulnerability

This document explains a privilege escalation vulnerability that has been reported.

Severity: High
Update Release Build: 11.2.2325.4
Update Release Date: 18-August-2023
Reported by: Colby via the ManageEngine Bug Bounty program.

What was the problem?

A privilege escalation vulnerability in Device Control allows a standard user to gain administrator privileges when uploading a temporary access code. The impact is restricted to the local machine where the agent is installed.

Note: This vulnerability has an impact only if the Device Control add-on is enabled in Endpoint Central.

How do I fix it?

Upgrading to the latest version is strongly advised due to this vulnerability's severity. To upgrade, follow the steps below:

  1. Log in to the product console and click your current build number in the top right corner.
  2. You'll be able to find the latest build applicable to you. Download the PPM and update.

For any further questions or concerns on this, please write to our support team.