Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11346 — Improper Input Validation in Manageengine Desktop Central

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

25.0%

top 3.83%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zohocorp Manageengine Desktop Central

Timeline

PublishedJul 17

Latest updateMay 17

Description

Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_desktop_central10.0

Patches

Patch: www.manageengine.com ↗Patch: www.manageengine.com ↗

🔴Vulnerability Details

GHSA

GHSA-696x-9jj4-gp92: Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk↗2022-05-17

▶

CVEList

CVE-2017-11346: Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk↗2017-07-16

▶

💥Exploits & PoCs

Exploit-DB

ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution (Metasploit)↗2017-07-24

▶