What is CVE-2018-11717?

CVE-2018-11717 is a vulnerability discovered in Zoho ManageEngine Desktop Central before version 100251.

What is the severity of CVE-2018-11717?

CVE-2018-11717 has a severity rating of 9.8 (Critical).

How can an attacker exploit CVE-2018-11717?

By leveraging access to a log file, a context-dependent attacker can obtain sensitive information such as encoded passwords, usernames, and mail settings.

What is affected by CVE-2018-11717?

Zoho ManageEngine Desktop Central versions up to and excluding 100251 are affected by CVE-2018-11717.

Is there a fix for CVE-2018-11717?

Yes, updating to version 100251 of Zoho ManageEngine Desktop Central will fix the vulnerability.

Vulnerability/
CVE-2018-11717

critical

9.8

CWE

532

16/7/2018

5/8/2024

CVE-2018-11717

First published: Mon Jul 16 2018(Updated: )

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zohocorp Manageengine Desktop Central	<100251

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-11717?
CVE-2018-11717 is a vulnerability discovered in Zoho ManageEngine Desktop Central before version 100251.
What is the severity of CVE-2018-11717?
CVE-2018-11717 has a severity rating of 9.8 (Critical).
How can an attacker exploit CVE-2018-11717?
By leveraging access to a log file, a context-dependent attacker can obtain sensitive information such as encoded passwords, usernames, and mail settings.
What is affected by CVE-2018-11717?
Zoho ManageEngine Desktop Central versions up to and excluding 100251 are affected by CVE-2018-11717.
Is there a fix for CVE-2018-11717?
Yes, updating to version 100251 of Zoho ManageEngine Desktop Central will fix the vulnerability.

collector/nvd-index
agent/references
agent/severity
agent/type
agent/tags
agent/event
agent/weakness
agent/author
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/zohocorp
canonical/zohocorp manageengine desktop central

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.