Privilege Escalation Vulnerability in Zoho ManageEngine Mobile Device Manager Plus
CVE-2022-41339

7.8HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Mobile Device Manager Plus
Vendor: CVE Published:; 12 November 2022

What is CVE-2022-41339?

A vulnerability in the User Administration module of Zoho ManageEngine Mobile Device Manager Plus prior to version 10.1.2207.5 allows unauthorized users to escalate their privileges, leading to potential unauthorized access and control over sensitive device management features. This flaw underscores the need for timely updates and security assessments to protect against similar vulnerabilities.

References

https://www.manageengine.com/mobile-device-management/kb/...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2022
Vulnerability Reserved
Sep 24, 2022

Zohocorp

What is CVE-2022-41339?

References

CVSS V3.1

Timeline