Vulnerability Description
An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Desktop Central | < 100230 |
Related Weaknesses (CWE)
References
- https://blog.netxp.fr/manageengine-deep-exploitation/ (Exploit, Third Party Advisory)
- https://www.manageengine.com/products/desktop-central/vulnerability-in-log-files (Vendor Advisory)
FAQ
What is CVE-2018-11716?
CVE-2018-11716 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (priva...
How severe is CVE-2018-11716?
CVE-2018-11716 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11716?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Desktop Central.