Potential privilege escalation - CVE ID: CVE-2024-9871

This document addresses the "Potential privilege escalation" vulnerability reported in the monitoring component of RMM Central.

Severity: Medium

CVE ID: CVE-2024-9871

Affected version(s): Build 10.3.7 and below

Fixed version(s): Build 10.3.28

Fixed on: February 4, 2025

More Details

What was the problem?

A potential privilege escalation vulnerability in the monitoring component existed due to incorrect permissions on the product's temporary directory. This allowed for arbitrary file deletion and local privilege escalation. This issue has been resolved by implementing appropriate Access Control Lists on the affected directory.

Impact of the vulnerability

This vulnerability could have allowed an attacker to perform arbitrary file deletion, leading to local privilege escalation.

Credits and acknowledgments

This vulnerability was reported by Crispr Xiang.

How do I fix it?

The issue can be fixed by upgrading your ManageEngine RMM Central to build 10.3.28, with the monitoring instance upgraded to version 12.8.511 or above.

Upgrade to the latest build from the URL given below:

https://www.manageengine.com/remote-monitoring-management/service-packs.html
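
An added example, not part of ManageEngine's advisory or product: a PowerShell check, assuming a Windows installation, that lists ACL entries granting write or delete rights on a directory to broad low-privileged groups, which can be run after the upgrade to confirm the directory is restricted. The path is a placeholder, since the advisory does not name the affected temporary directory.

```powershell
param(
    # Placeholder path: replace with the product's temporary directory on your server.
    [string]$Path = 'C:\PLACEHOLDER\temp'
)

# Well-known SIDs of broad, low-privileged groups (independent of OS language).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that let a principal create, overwrite or delete content, or re-ACL the directory.
$Risky = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic bits instead: GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$RiskyMask = [int]$Risky -bor 0x50000000

$acl   = Get-Acl -LiteralPath $Path
# Ask for SIDs rather than translated names so the comparison is locale-independent.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    $sid = $ace.IdentityReference.Value
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (-not $BroadSids.ContainsKey($sid))  { continue }
    if (([int]$ace.FileSystemRights -band $RiskyMask) -eq 0) { continue }
    [pscustomobject]@{
        Principal   = $BroadSids[$sid]
        Rights      = $ace.FileSystemRights
        Inherited   = $ace.IsInherited
        Inheritance = $ace.InheritanceFlags
    }
}

if ($findings) {
    Write-Warning "$Path grants write or delete rights to broad groups:"
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "$Path : no write or delete rights for broad groups."
```

An `Inherited` value of `True` in the output means the entry comes from a parent folder, so the parent's ACL is what needs review.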

If you need further help, please contact our support at rmmcentral-support@manageengine.com.

Keywords: Security Updates, Vulnerabilities and Fixes.