Title: ManageEngine OpManager Privilege Escalation
Advisory ID: ZSL-2019-5504
Type: Local
Impact: Privilege Escalation
Risk: (3/5)
Release Date: 18.01.2019

Summary

OpManager offers comprehensive network monitoring capabilities that help you monitor network performance, detect network faults in real time, troubleshoot errors, and prevent downtime. Being a powerful network monitor, it supports multi-vendor IT environments and can scale to fit your network, regardless of its size. Monitor your devices and network to gain complete visibility and control over your entire network infrastructure. It allows you to monitor critical performance metrics like availability, CPU, disk space, and memory utilization across physical and virtual servers.

Description

The OpManager Monitoring service suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of her choice. This service runs as Localsystem thus allowing for a privilege escalation vector.

Vendor

Zoho Corporation Pvt. Ltd. - https://www.manageengine.com

Affected Version

12.3

Tested On

Microsoft Windows 7 x64

Vendor Status

[14.01.2019] Vulnerability discovered.
[15.01.2019[ Vendor contacted.
[17.01.2019] No response from the vendor.
[18.01.2019] Public security advisory released.

PoC

opmanager_eop.txt

Credits

Vulnerability discovered by Humberto Cabrera - <humbe@zeroscience.mk>

References

[1] https://cxsecurity.com/issue/WLB-2019010211
[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/155958

Changelog

[18.01.2019] - Initial release
[27.01.2019] - Added reference [1] and [2]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk