ManageEngine Desktop Central Policy Bypass Vulnerability (Jan 9, 2015)

Desktop Central is an integrated desktop and mobile device management software that manages servers, laptops, desktops, smartphones and tablets from a central point. It automates routine desktop management tasks such as installing patches, distributing software, managing IT assets, managing software licenses, monitoring software usage statistics, managing USB device usage and taking control of remote desktops.

A policy bypass vulnerability exists in ManageEngine Desktop Central. The parameters sent to the Dcpluginservelet page are not validated properly. A remote, unauthenticated attacker can create an administrator account by sending a specially crafted request, as shown below. This creates a new administrator user “dcpwn” with the password “admin”.
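Because the weak point described above is an unauthenticated request reaching the plugin servlet, one practical detective control is to scan the Desktop Central web-server access log for hits on that endpoint that carry no authenticated user, and to raise the severity when the request also contains the account name the advisory names. The script below is an added example, not code from the advisory or from ManageEngine: the combined-log format, the sample log lines and the query parameter name `username` are constructed for illustration, and the endpoint is matched case-insensitively using the advisory's spelling.

```python
"""Added example: flag unauthenticated requests to the Desktop Central plugin
servlet in access-log lines (CVE-2014-7862 detection aid).

Assumptions (not from the advisory): Apache/NCSA combined log format, where
the third field is the authenticated user or "-" when there is none.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

SERVLET = "dcpluginservelet"   # endpoint named in the advisory (compared case-insensitively)
IOC_USERNAME = "dcpwn"         # account name the advisory says the crafted request creates

# Combined-log-style line: ip ident authuser [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


@dataclass
class Finding:
    ip: str
    target: str
    severity: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec: dict) -> Optional[Finding]:
    """Decide whether one parsed request is worth an alert."""
    parts = urlsplit(rec["target"])
    if SERVLET not in parts.path.lower():
        return None                       # not the plugin servlet at all
    if rec["user"] != "-":
        return None                       # authenticated use of the endpoint is expected
    # Any query value equal to the advisory's IoC username is a strong signal.
    values = {v.lower() for vs in parse_qs(parts.query).values() for v in vs}
    if IOC_USERNAME in values:
        return Finding(rec["ip"], rec["target"], "high",
                       "unauthenticated plugin-servlet request carrying IoC username")
    return Finding(rec["ip"], rec["target"], "medium",
                   "unauthenticated request to plugin servlet")


def scan(lines) -> List[Finding]:
    """Scan an iterable of log lines; unparseable lines are skipped."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        f = classify(rec)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample log: one legitimate authenticated hit, one unauthenticated
# hit naming the IoC account, one unrelated request, one bare unauthenticated
# POST to the servlet, and one junk line.
SAMPLE_LOG = """\
10.0.0.5 - jsmith [09/Jan/2015:10:12:03 +0000] "GET /dcpluginservelet?a=1 HTTP/1.1" 200 512
203.0.113.7 - - [09/Jan/2015:10:12:41 +0000] "GET /dcpluginservelet?username=dcpwn HTTP/1.1" 200 188
198.51.100.9 - - [09/Jan/2015:10:13:02 +0000] "GET /configurations.do HTTP/1.1" 302 0
203.0.113.7 - - [09/Jan/2015:10:13:10 +0000] "POST /DcPluginServelet HTTP/1.1" 200 74
not a log line
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity}] {f.ip} {f.target}: {f.reason}")
```

In practice the medium finding is the one to tune: plugin traffic from managed agents may legitimately arrive without a browser session, so filter by the agent subnets you expect and escalate anything from outside them. Any high finding should be followed by an audit of the Desktop Central administrator list for accounts created around the logged timestamp, and by applying the vendor patch for CVE-2014-7862.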

Dell SonicWALL Threat Research Team has researched this vulnerability (CVE-2014-7862) and released the following IPS signature to protect their customers.

  • IPS 6180 : ManageEngine Desktop Central Policy Bypass