Intrusion Prevention

ManageEngine.Desktop.Central.Administrator.Account.Creation

Description

This indicates an attack attempt against a Privilege Elevation vulnerability in ManageEngine Desktop Central.
The vulnerability is caused by an error when creating an administrator account without authentication through a HTTP request. It allows a remote attacker to gain control of the system via a crafted HTTP request.

Affected Products

ManageEngine Desktop Central version before version 9.0 build 90109

Impact

Privilege Escalation: Remote attackers can elevate their privileges on vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

CVE References

CVE-2014-7862