Short Name |
HTTP:MISC:MANAGE-ENGNE-ADMIN-AC |
---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
ManageEngine Desktop Central Servlet AddPluginUser Action Admin Account Creation |
Release Date |
2015/01/08 |
Update Number |
2457 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against ManageEngine Desktop. A successful exploit can lead to admin account creation.
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.