Unrated severity · NVD Advisory · Published Sep 29, 2020 · Updated Aug 5, 2024
CVE-2018-5353
Description
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. The module does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate, then no spoofing attack is required.
Affected products
- Zoho ManageEngine/ADSelfService Plus (source: description)
  - Range: <5.5 build 5517
References
- zoho.com (mitre, x_refsource_MISC)
- www.manageengine.com/products/self-service-password/release-notes.html (mitre, x_refsource_MISC)