Strix
26.1K

CVE-2019-12133

UnknownEPSS 1.82%

Last modified

CVE-2019-12133 is a vulnerability of currently unknown severity. Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. EPSS estimates a 1.82% chance of exploitation in the next 30 days.

Description

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.

Metrics

EPSS Probability
1.82%

76.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ZohocorpManageengine Analytics Plus1.0
ZohocorpManageengine Browser Security PlusAll versions
ZohocorpManageengine Desktop Central10.0.380
ZohocorpManageengine Eventlog Analyzer12.0.2
ZohocorpManageengine Firewall12.0
ZohocorpManageengine Key Manager Plus5.6
ZohocorpManageengine Mobile Device Manager Plus9.0.0
ZohocorpManageengine Netflow Analyzer11.0
ZohocorpManageengine Network Configuration Manager11.0
ZohocorpManageengine O365 Manager Plus4.0
ZohocorpManageengine Opmanager12.3
ZohocorpManageengine Oputils11.0
ZohocorpManageengine Password Manager Pro9.9
ZohocorpManageengine Patch Connect Plus9.0.0
ZohocorpManageengine Patch Manager Plus9.0.0
ZohocorpManageengine Servicedesk Plus10.0.0
ZohocorpManageengine Supportcenter Plus8.1
ZohocorpManageengine Vulnerability Manager Plus9.0.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-12133?
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
How severe is CVE-2019-12133?
Severity scoring for CVE-2019-12133 is pending analysis. The EPSS model estimates a 1.82% probability of exploitation in the next 30 days.
How do I fix CVE-2019-12133?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-12133?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST