CVE-2015-8249 : The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and e

The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.

Published 2017-09-28 01:29:01

Updated 2017-10-06 15:25:05

Source CERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-8249

Probability of exploitation activity in the next 30 days: 96.55%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2015-8249

ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability

Disclosure Date: 2015-12-14

First seen: 2020-04-26

exploit/windows/http/manageengine_connectionid_write

This module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter in the FileUploadServlet class. This allows a remote attacker to inject a nul

More information

CVSS scores for CVE-2015-8249

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-8249

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-8249

http://packetstormsecurity.com/files/134806/ManageEngine-Desktop-Central-9-FileUploadServlet-ConnectionId.html

ManageEngine Desktop Central 9 FileUploadServlet ConnectionId ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://community.rapid7.com/community/infosec/blog/2015/12/14/r7-2015-22-manageengine-desktop-central-9-fileuploadservlet-connectionid-vulnerability-cve-2015-8249

R7-2015-22: ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability (CVE-2015-8249)
Exploit;Technical Description;Patch;Third Party Advisory
https://www.exploit-db.com/exploits/38982/

ManageEngine Desktop Central 9 - FileUploadServlet ConnectionId (Metasploit)
Exploit;Third Party Advisory;VDB Entry
http://www.rapid7.com/db/modules/exploit/windows/http/manageengine_connectionid_write

ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability
Third Party Advisory

Products affected by CVE-2015-8249

Manageengine » Desktop Central » Version: 9.0
cpe:2.3:a:manageengine:desktop_central:9.0:*:*:*:*:*:*:*
Matching versions