CVE-2019-19034

Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.

CVSS v3 7.2 HIGH
CVSS v2.0 6.5 MEDIUM

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/157731/ManageEngine-AssetExplorer-Authenticated-Command-Execution.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/May/36	Exploit Mailing List Third Party Advisory
https://www.manageengine.com/products/asset-explorer/sp-readme.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.5:*:*:*:*:*:*:*

History

03 Feb 2023, 19:38

Type	Values Removed	Values Added
References	~~(MISC) http://packetstormsecurity.com/files/157731/ManageEngine-AssetExplorer-Authenticated-Command-Execution.html -~~	(MISC) http://packetstormsecurity.com/files/157731/ManageEngine-AssetExplorer-Authenticated-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2020/May/36 -~~	(FULLDISC) http://seclists.org/fulldisclosure/2020/May/36 - Exploit, Mailing List, Third Party Advisory

Information

Published : 2020-03-23 17:15

Updated : 2023-12-10 13:27

NVD link : CVE-2019-19034

Mitre link : CVE-2019-19034

CVE.ORG link : CVE-2019-19034

JSON object : View

Products Affected

zohocorp

manageengine_assetexplorer

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2019-19034", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2020-03-23T17:15:15.127", "references": [{"url": "http://packetstormsecurity.com/files/157731/ManageEngine-AssetExplorer-Authenticated-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2020/May/36", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.manageengine.com/products/asset-explorer/sp-readme.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges."}, {"lang": "es", "value": "Zoho ManageEngine Asset Explorer versi\u00f3n 6.5, no comprueba el nombre de usuario de la base de datos de System Center Configuration Manager (SCCM) cuando genera din\u00e1micamente un comando para programar escaneos para SCCM. Esto permite a un atacante ejecutar comandos arbitrarios en el servidor AssetExplorer con privilegios NT AUTHORITY/SYSTEM."}], "lastModified": "2023-02-03T19:38:13.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0AC4060-7047-4315-BB45-FEC5A8FF495F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}