CVE-2019-12133 : Security Advisory and Response
Learn about CVE-2019-12133 affecting Zoho ManageEngine products, allowing non-privileged users to escalate privileges. Find mitigation steps and affected versions here.
Multiple Zoho ManageEngine products are affected by a local privilege escalation vulnerability due to improper permissions in the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. This issue allows non-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM during system startup.
Understanding CVE-2019-12133
This CVE entry describes a security vulnerability in various Zoho ManageEngine products that can be exploited for local privilege escalation.
What is CVE-2019-12133?
The vulnerability arises from incorrect permissions in the %SYSTEMDRIVE%\ManageEngine directory and sub-folders, enabling non-privileged users to escalate their privileges to NT AUTHORITY\SYSTEM. The affected products include Desktop Central, EventLog Analyzer, ServiceDesk Plus, and others.
The Impact of CVE-2019-12133
The vulnerability allows non-privileged users to gain elevated privileges to NT AUTHORITY\SYSTEM, potentially leading to unauthorized access and control over the affected systems.
Technical Details of CVE-2019-12133
This section provides technical details about the vulnerability.
Vulnerability Description
The vulnerability in Zoho ManageEngine products allows non-privileged users to escalate their privileges to NT AUTHORITY\SYSTEM due to improper permissions in the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders.
Affected Systems and Versions
The following Zoho ManageEngine products are affected:
- Desktop Central 10.0.380
- EventLog Analyzer 12.0.2
- ServiceDesk Plus 10.0.0
- SupportCenter Plus 8.1
- O365 Manager Plus 4.0
- Mobile Device Manager Plus 9.0.0
- Patch Connect Plus 9.0.0
- Vulnerability Manager Plus 9.0.0
- Patch Manager Plus 9.0.0
- OpManager 12.3
- NetFlow Analyzer 11.0
- OpUtils 11.0
- Network Configuration Manager 11.0
- FireWall 12.0
- Key Manager Plus 5.6
- Password Manager Pro 9.9
- Analytics Plus 1.0
- Browser Security Plus
Exploitation Mechanism
The vulnerability occurs when the services associated with the affected products attempt to execute binaries like sc.exe from the current directory during system startup, allowing non-privileged users to escalate their privileges.
Mitigation and Prevention
To address CVE-2019-12133, follow these mitigation strategies:
Immediate Steps to Take
- Apply the vendor-supplied patches for the affected Zoho ManageEngine products.
- Restrict access to the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders.
Long-Term Security Practices
- Regularly monitor and audit permissions on critical directories.
- Implement the principle of least privilege to restrict user access.
Patching and Updates
- Keep the Zoho ManageEngine products up to date with the latest security patches and updates to prevent exploitation of this vulnerability.