CVE-2017-11511
Published: 2017-11-08
Priority: P2 · 77 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 3.54% (87.8th percentile)
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| manageengine | servicedesk | — | — |
| zoho | manageengine_servicedesk | — | — |
Detection & IOCs (extracted from sources)
URL: http://192.168.1.200:8080/fosagent/repl/download-file?basedir=4&filepath=pgsql\data\pg_log\pgsql_Wed.log
- Monitor HTTP requests to the /fosagent/repl/download-file endpoint for the presence of directory traversal sequences (e.g., ..\) in the 'filepath' parameter, which indicates exploitation of CVE-2017-11511.
- Both /fosagent/repl/download-file and /fosagent/repl/download-snapshot endpoints are accessible by unauthenticated remote users; any unauthenticated access to these endpoints should be treated as suspicious.
- The vulnerability remains unfixed as of ManageEngine ServiceDesk version 9.3.9328; ensure the installed version is checked against this baseline when assessing exposure.
- The 'basedir' parameter in the download-file endpoint controls the base directory scope; traversal is possible relative to these base directories (fileAttachments, inlineimages, archive, ServiceDesk root).
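The monitoring guidance above, sketched as an access-log scanner. This is an added example, not code from any of the sources this page cites; it assumes combined-format access logs, and the sample lines, client addresses and the `PLACEHOLDER.txt` name are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints named on this page as reachable without authentication.
ENDPOINTS = ("/fosagent/repl/download-file", "/fosagent/repl/download-snapshot")
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation addresses, placeholder file name).
SAMPLE_LOG = [
    r'198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /fosagent/repl/download-file?basedir=4&filepath=..\..\PLACEHOLDER.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /fosagent/repl/download-file?basedir=4&filepath=%252e%252e%255cPLACEHOLDER.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /fosagent/repl/download-snapshot HTTP/1.1" 200 90',
    '192.0.2.4 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html?filepath=..%5cx HTTP/1.1" 200 10',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(filepath):
    """True if any path segment is exactly '..', for either separator."""
    return ".." in re.split(r"[\\/]+", fully_decode(filepath))

def classify(target):
    """Return None, 'suspicious' (endpoint touched) or 'traversal'."""
    parts = urlsplit(target)
    path = fully_decode(parts.path).lower().rstrip("/")
    if path not in ENDPOINTS:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("filepath", [])
    if path.endswith("download-file") and any(has_traversal(v) for v in values):
        return "traversal"
    return "suspicious"

def scan(lines):
    """Yield (client, verdict, status) for every request to a watched endpoint."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and (verdict := classify(m.group(2))):
            hits.append((m.group(1), verdict, m.group(3)))
    return hits
```

A `traversal` verdict with a 200 status is the case to triage first; `suspicious` covers any other request to either endpoint, including the non-traversal URL listed above.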
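CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | | 7.5 | HIGH | |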
GHSA
GHSA-3j4c-5xc5-gq99 (ghsa_unreviewed · 2022-05-13)
CVE-2017-11511 [HIGH] CWE-200
VulnCheck
CVE-2017-11511 [HIGH] manageengine servicedesk Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2017 · CVSS 7.5
Affected: manageengine servicedesk
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip; https://www.f5.com/labs/a
No detection rules found.
No public exploits indexed.