ManageEngine OpManager 12.3 Privilege Escalation
Posted on 22 January 2019
ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of his choice. This service runs as Localsystem thus allowing for a privilege escalation vector.