PT-2011-10: Abritrary Files Loading in ManageEngine ServiceDesk Plus 8.0
Vulnerable software
ManageEngine ServiceDesk Plus
Version: 8.0 and earlier
Application link:
http://www.servicedeskplus.com
Severity level
Severity level: High
Impact: Arbitrary Code Execution
Access Vector: Remote
CVSS v2:
Base Score: 8.5
Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVE: not assign
Software description
ManageEngine ServiceDesk Plus is a technical support and assests management system.
Vulnerability description
The specialists of the Positive Research center have detected "Abritrary Files Loading" vulnerability in ManageEngine ServiceDesk Plus.
Insufficient CSV file input filtering in user import script allows attackers with guest privileges (account guest/guest) overwrite an arbitrary file in bin folder in ServiceDesk application via TP POST request. This vulnerability allows attackers to overwrite the script that starts and stops applciations that lead to arbitrary code execution as application is started or stopped.
How to fix
Update your software up to the latest version
Advisory status
24.06.2011 - Vendor is notified
28.06.2011 - Vendor gets vulnerability details
23.04.2012 - Vendor releases fixed version and details
13.09.2012 - Public disclosure
Credits
The vulnerability has discovered by Alexander Zaitsev, Positive Research Center (Positive Technologies Company)
References
http://en.securitylab.ru/lab/PT-2011-10
Reports on the vulnerabilities previously discovered by Positive Research:
http://ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/