HTTP: Zoho ManageEngine Desktop Central Arbitrary File Deletion

This signature detects attempts to exploit an arbitrary file deletion vulnerability in Zoho ManageEngine Desktop Central. Successful exploitation could result in the deletion of arbitrary files.

Extended Description

Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.

Affected Products

Zohocorp manageengine_desktop_central

References

CVE: CVE-2018-12999

Short Name
HTTP:DIR:CVE-2018-12999FILE-DEL
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CVE-2018-12999 Central Deletion Desktop File ManageEngine Zoho
Release Date
09/25/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Zohocorp

CVSS Score

6.4
