Potential privilege escalation due to incorrect permissions on the product temporary directory

Severity: Medium

CVE ID: CVE-2024-9871

Product name: OpManager, OpManager Plus, OpManager MSP, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer, OpUtils

Affected Version(s) | Fixed Version(s) | Fixed On
From version 128509 to 128510 | 128511 | 30-01-2025
From version 128451 to 128460 | 128461 | 19-02-2025
Version 128404 and below | 128405 | 05-02-2025

Details:

A potential privilege escalation vulnerability existed due to incorrect permissions on the product's temporary directory. This allowed for arbitrary file deletion and local privilege escalation. This issue has been resolved by implementing appropriate Access Control Lists on the affected directory.

Impact:

This vulnerability could have allowed an attacker to perform arbitrary file deletion, leading to local privilege escalation.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.
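
One way to check, after upgrading, that the temporary directory's ACL no longer lets unprivileged accounts create or delete entries (added example, not part of the advisory or the vendor's tooling). It assumes a Windows installation and text captured from `icacls <directory>`; the path is a placeholder, the sample output is constructed, and the `LOW_PRIV` and `RISKY` sets are illustrative choices.

```python
import re

# Principals treated as unprivileged (assumption; extend for your environment).
LOW_PRIV = {"everyone", "builtin\\users",
            "nt authority\\authenticated users", "nt authority\\interactive"}
# icacls rights that allow creating, replacing or deleting directory entries.
RISKY = {"F", "M", "W", "D", "DE", "DC", "WD", "AD", "GA", "GW"}
# Inheritance markers that icacls prints in the same parenthesised form.
FLAGS = {"OI", "CI", "IO", "NP", "I"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")

def risky_aces(path, icacls_output):
    """Return (principal, rights) for allow-ACEs that give an unprivileged
    principal write or delete access to the directory."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        # The first output line is prefixed with the directory path.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue  # blank line or the "Successfully processed" summary
        tokens = set()
        for grp in re.findall(r"\(([^)]*)\)", m["groups"]):
            tokens.update(t.strip().upper() for t in grp.split(","))
        if "DENY" in tokens:
            continue  # deny entries restrict access, they do not grant it
        rights = (tokens - FLAGS) & RISKY
        who = m["who"].strip()
        if who.lower() in LOW_PRIV and rights:
            findings.append((who, sorted(rights)))
    return findings

# Constructed sample: placeholder path, not the product's real directory.
SAMPLE_PATH = r"C:\ExampleProduct\temp"
SAMPLE = r"""C:\ExampleProduct\temp BUILTIN\Users:(OI)(CI)(M)
                       NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                       BUILTIN\Administrators:(OI)(CI)(F)
                       NT AUTHORITY\Authenticated Users:(I)(RX,WD,DC)
                       Everyone:(DENY)(W)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE_PATH, SAMPLE):
        print(f"{who}: {','.join(rights)}")
```

An empty result means none of the listed unprivileged principals holds a write or delete right on the directory.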

Source and Acknowledgements:

This vulnerability was reported by Crispr Xiang.

Kindly contact our product support teams for further details, at the email address mentioned below:

 