ManageEngine Desktop Central Directory Traversal Vulnerability

March 4, 2015

ManageEngine Desktop Central MSP is a Desktop and Mobile system management software designed to ease the process of managing systems from a central point. A web-based interface using a mix of Java and custom binaries is used to interact with Desktop Central. It provides administrators with an all-encompassing front-end for administrative tasks such as installing software, adding users, and managing inventory. The web-based interface is provided by the Apache Tomcat application server framework where a number of Java servlets and JSP files are used to process requests sent to the server.

An arbitrary file upload vulnerability has been reported in ManageEngine Desktop Central MSP. The vulnerability is due to a failure to effectively sanitize user-supplied input before it is used to create a file. More specifically, the vulnerability exists within StatusUpdateServlet when it is supplied a particular parameter, a file path, and attacker-controlled file contents in the request body. The servlet then writes the HTTP request body to the file name given in the file path parameter, at the location specified in the URI. Because these URI parameters are not sanitized, directory traversal sequences supplied as their values allow the file to be written outside the intended directory.

A remote, unauthenticated attacker could exploit this vulnerability, which could lead to arbitrary code execution under the security context of the SYSTEM user.
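As an added illustration (not code from the advisory or from ManageEngine), the two checks a defender would want here: canonical-path containment for the write target, and a scan of web access logs for traversal sequences in the servlet's parameters. The servlet URL `/statusUpdate`, the parameter name `fileName`, the base directory and the log lines are constructed placeholders, not values from the product.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic). Line 1 is benign;
# lines 2-4 carry plain, URL-encoded and double-encoded traversal sequences.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Mar/2015:10:00:01] "POST /statusUpdate?fileName=agent.log HTTP/1.1" 200
10.0.0.9 - - [04/Mar/2015:10:00:02] "POST /statusUpdate?fileName=../../../../tmp/x.txt HTTP/1.1" 200
10.0.0.9 - - [04/Mar/2015:10:00:03] "POST /statusUpdate?fileName=..%2F..%2Ftmp%2Fx.txt HTTP/1.1" 200
10.0.0.9 - - [04/Mar/2015:10:00:04] "POST /statusUpdate?fileName=%252e%252e%252fx.txt HTTP/1.1" 200
10.0.0.5 - - [04/Mar/2015:10:00:05] "GET /index.html?fileName=../x HTTP/1.1" 200
"""

# A ".." path segment, either slash style, anywhere in the value.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.($|[\\/])")
LOG_RE = re.compile(r'"(?P<method>\w+) (?P<path>\S+)\?(?P<query>\S*) HTTP')


def is_traversal(value: str) -> bool:
    """True if value contains a '..' segment; decode twice to catch %2e%2e and %252e."""
    return bool(TRAVERSAL.search(unquote(unquote(value))))


def safe_target(base_dir: str, file_name: str) -> Optional[str]:
    """Resolve base_dir/file_name canonically; None if it escapes base_dir.

    This is the containment check the vulnerable write path lacks: an absolute
    file_name or one with '..' segments resolves outside base_dir and is refused.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, file_name))
    if target == base or os.path.commonpath([base, target]) != base:
        return None
    return target


def flag_requests(log_text: str, servlet_path: str) -> List[str]:
    """Return log lines that hit servlet_path with a traversal sequence in any parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or not m.group("path").endswith(servlet_path):
            continue  # other URLs are out of scope for this rule
        values = (pair.partition("=")[2] for pair in m.group("query").split("&"))
        if any(is_traversal(v) for v in values):
            hits.append(line)
    return hits
```

Run `flag_requests(SAMPLE_LOG, "/statusUpdate")` to see only the three traversal requests flagged; the same `is_traversal` test is what an IPS signature for this issue must express, including the encoded forms.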

Dell SonicWALL UTM protects our customers using the following IPS signature to detect and prevent the attacks addressing this issue:

  • 6219 ManageEngine Desktop Central Directory Traversal 2

This vulnerability was assigned CVE-2014-9404.