Published: 30/04/2019 Updated: 03/10/2019

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 695

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zohocorp manageengine admanager plus 6.6

# Exploit Title: Zoho ManageEngine ADManager Plus 66 (Build < 6659) Privilege Escalation # Date: 15th April 2019 # Exploit Author: Digital Interruption # Vendor Homepage: wwwmanageenginecouk/ # Version: 66 (Build 6658) # Tested on: Windows Server 2012 R2 # CVE : CVE-2018-19374 Due to weak permissions setup on the bin, lib and tools ...

Zoho ManageEngine ADManager Plus version 66 builds prior to 6659 suffer from a privilege escalation vulnerability ...

CWE-732 https://research.digitalinterruption.com/2019/04/15/privilege-escalation-in-manageengine-admanager-plus-6/https://nvd.nist.gov https://www.exploit-db.com/exploits/46707

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-19374

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect