# Security Updates - CVE-2019-17421

## CVE-2019-17421

### Incorrect file permissions on the packaged Nipper executable file

## Vulnerability Details

| Field | Details |
|---|---|
| Impact | The vulnerability enables local users to elevate privileges to root. Users can perform this action by executing malicious payload with Nipper executable files. |
| Reported | 8 September 2019 |
| Reported by | Guy Levin (@va_start) |
| Fixed | 26 November 2019 |
| Affected Builds | - Builds till 124078<br>- Builds 124081 to 124098 |
| Fixed in | Builds 124079 and 124099 |
| Overview | Incorrect file permissions on the packaged Nipper executable file |
| Recommended Fix | Upgrade to [OpManager Version 12.4.079](https://www.manageengine.com/network-monitoring/service-packs.html?124062) or above.<br><br>For builds 124081 to 124098: Contact our [support team](mailto:opmanager-support@manageengine.com) (opmanager-support@manageengine.com) in case of queries. |

### Description

A user detected incorrect file permissions on the packaged Nipper executable file in which allowed local users to elevate privileges to root by overwriting this file with a malicious payload.

We recommend that you [upgrade to OpManager Version 12.4.079](https://www.manageengine.com/network-monitoring/service-packs.html?124062) or contact our support team at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com) to fix this issue.

### Source and Acknowledgements

Find out more about CVE-2019-17421 from the [CVE dictionary](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17421).

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com).