CVE-2020-11552 — CRITICAL (9.8)

Q: How severe is CVE-2020-11552?

CVE-2020-11552 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-11552?

Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Adselfservice Plus.

Vulnerability Description

An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as a SYSTEM.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zohocorp	Manageengine Adselfservice Plus	<= 5.8

Related Weaknesses (CWE)

CWE-269

References

http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Aug/4ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/Aug/6ExploitMailing ListThird Party Advisory
https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-60Release NotesVendor Advisory
https://www.exploit-db.com/exploits/48739ExploitThird Party AdvisoryVDB Entry
https://www.manageengine.comVendor Advisory
http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2020/Aug/4ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2020/Aug/6ExploitMailing ListThird Party Advisory
https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-60Release NotesVendor Advisory
https://www.exploit-db.com/exploits/48739ExploitThird Party AdvisoryVDB Entry
https://www.manageengine.comVendor Advisory

FAQ

What is CVE-2020-11552?

CVE-2020-11552 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vuln...

How severe is CVE-2020-11552?

CVE-2020-11552 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-11552?

Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Adselfservice Plus.