ManageEngine Desktop Central Directory Traversal Vulnerability (Feb 20,2015)


ManageEngine Desktop Central MSP is a Desktop and Mobile system management software designed to ease the process of managing systems from a central point. A web-based interface using a mix of Java and custom binaries is used to interact with Desktop Central. It provides administrators with an all-encompassing front-end for administrative tasks such as installing software, adding users, and managing inventory. The web-based interface is provided by the Apache Tomcat application server framework where a number of Java servlets and JSP files are used to process requests sent to the server.

An arbitrary file upload vulnerability has been reported in a ManageEngine Desktop Central MSP. The vulnerability is due to a failure to effectively sanitize user-supplied input prior to its use in a file creation process. More specifically, the vulnerability exists within StatusUpdateServlet when it is provided a particular parameter, a file path, and malicious file contents in the request body. The function then writes the HTTP request body data to the file name defined in the file path parameter at the location specified in the URI. The parameters sent in the URI may be used in a malicious manner if directory traversal characters are used as their values.

A remote, unauthenticated attacker could exploit this vulnerability that could lead to arbitrary code execution under the security context of the system user.

Dell SonicWALL UTM protects our customers using the following IPS signature to detect and prevent the attacks addressing this issue:

  • 6219 ManageEngine Desktop Central Directory Traversal 2

This vulernability was assigned to CVE-2014-9404.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.