CVE-2020-11552
First published: Tue Aug 11 2020(Updated: )
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as a SYSTEM.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Adselfservice Plus | <=5.8 | |
| Zohocorp Manageengine Adselfservice Plus | =6.0 | |
| Zohocorp Manageengine Adselfservice Plus | =6.0-6000 | |
| Zohocorp Manageengine Adselfservice Plus | =6.0-6001 | |
| Zohocorp Manageengine Adselfservice Plus | =6.0-6002 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Aug/4
- http://seclists.org/fulldisclosure/2020/Aug/6
- https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6003-release-faceid-support
- https://www.exploit-db.com/exploits/48739
- https://www.manageengine.com
Frequently Asked Questions
What is CVE-2020-11552?
CVE-2020-11552 is an elevation of privilege vulnerability in ManageEngine ADSelfService Plus before build 6003.
What is the severity of CVE-2020-11552?
CVE-2020-11552 has a severity rating of 9.8 (critical).
What is affected by CVE-2020-11552?
ManageEngine ADSelfService Plus versions 5.8, 6.0, 6.0-6000, 6.0-6001, and 6.0-6002 are affected by CVE-2020-11552.
How does CVE-2020-11552 work?
CVE-2020-11552 allows an unauthenticated attacker to escalate privileges on a Windows host by exploiting a vulnerability in the Certificate dialog of ManageEngine ADSelfService Plus.
Are there any references for CVE-2020-11552?
Yes, you can refer to the following URLs for more information about CVE-2020-11552: - [Packet Storm Security](http://packetstormsecurity.com/files/158820/ManageEngine-ADSelfService-Plus-6000-Remote-Code-Execution.html) - [SecLists](http://seclists.org/fulldisclosure/2020/Aug/4) - [SecLists](http://seclists.org/fulldisclosure/2020/Aug/6)
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine adselfservice plus
- version/zohocorp manageengine adselfservice plus/5.8
- version/zohocorp manageengine adselfservice plus/6.0
- version/zohocorp manageengine adselfservice plus/6.0-6000
- version/zohocorp manageengine adselfservice plus/6.0-6001
- version/zohocorp manageengine adselfservice plus/6.0-6002