Security Updates - CVE Database

CVE-2019-17421

Incorrect file permissions on the packaged Nipper executable file

Vulnerability Details
Impact The vulnerability enables local users to elevate privileges to root. Users can perform this action by executing malicious payload with Nipper executable files.
Reported 9 September 2019
Reported By Guy Levin (@va_start)
Fixed 26 November 2019
Affected Builds Builds till 124078
124081 to 124098
Fixed in Builds 124079 and 124099
Overview Incorrect file permissions on the packaged Nipper executable file
Recommended Fix For builds till 124078: Upgrade to NetFlow Analyzer Version 12.4.079 or above.

For builds 124081 to 124098: Contact our support team (netflowanalyzer-support@manageengine.com).

Description

A user detected incorrect file permissions on the packaged Nipper executable file in which allowed local users to elevate privileges to root by overwriting this file with a malicious payload.

We recommend that you upgrade to NetFlow Analyzer version 12.4.099 and above to fix this issue.

Source and Acknowledgements

Find out more about CVE-2019-17421 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com