| Vulnerability Details | |
|---|---|
| Impact | The vulnerability enables local users to elevate privileges to root. Users can perform this action by executing malicious payload with Nipper executable files. |
| Reported | 9 September 2019 |
| Reported By | Guy Levin (@va_start) |
| Fixed | 26 November 2019 |
| Affected Builds | Builds till 124078 124081 to 124098 |
| Fixed in | Builds 124079 and 124099 |
| Overview | Incorrect file permissions on the packaged Nipper executable file |
| Recommended Fix | For builds till 124078: Upgrade to NetFlow Analyzer Version 12.4.079 or above. For builds 124081 to 124098: Contact our support team (netflowanalyzer-support@manageengine.com). |
A user detected incorrect file permissions on the packaged Nipper executable file in which allowed local users to elevate privileges to root by overwriting this file with a malicious payload.
We recommend that you upgrade to NetFlow Analyzer version 12.4.099 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2019-17421 from the CVE dictionary.
For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com