CVE-2019-17421

Incorrect file permissions on the packaged Nipper executable file

 

Vulnerability Details
Impact The vulnerability enables local users to elevate privileges to root. Users can perform this action by executing malicious payload with Nipper executable files.
Reported 8 September 2019
Reported by Guy Levin (@va_start)
Fixed 26 November 2019
Affected Builds

- Builds till 124078
- Builds 124081 to 124098

Fixed in Builds 124079 and 124099
Overview Incorrect file permissions on the packaged Nipper executable file
Recommended Fix Upgrade to OpManager Version 12.4.079 or above.

For builds 124081 to 124098: Contact our support team (opmanager-support@manageengine.com) in case of queries.

 

Description

A user detected incorrect file permissions on the packaged Nipper executable file in which allowed local users to elevate privileges to root by overwriting this file with a malicious payload.

We recommend that you upgrade to OpManager Version 12.4.079 or contact our support team at opmanager-support@manageengine.com to fix this issue.

Source and Acknowledgements

Find out more about CVE-2019-17421 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at opmanager-support@manageengine.com.

Video Zone
OpManager Customer Videos
Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  
  •  IT Admin from "Royal flying doctor service", Australia
     Jonathan ManageEngine Customer
  •  Michael - Network & Tech, ManageEngine Customer
     Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  •  David Tremont, Associate Directory of Infrastructure,USA
     Todd Haverstock Administrative Director
  •  Donald Stewart, IT Manager from Crest Industries
     John Rosser, MIS Manager - Yale Chase Equipment & Services
 Pricing  Get Quote