Remote code execution in multiple Zoho ManageEngine products



Published: 2023-01-17 | Updated: 2023-01-25
Risk: Critical
Patch available: Yes
Number of vulnerabilities: 1
CVE-ID: CVE-2022-47966
CWE-ID: CWE-20
Exploitation vector: Network
Public exploit: Vulnerability #1 is being exploited in the wild.
Vulnerable software
ManageEngine Access Manager Plus
Server applications / Directory software, identity management

Zoho ManageEngine Active Directory 360
Server applications / Directory software, identity management

Vulnerability Manager Plus
Server applications / Other server solutions

Patch Manager Plus
Server applications / Other server solutions

Password Manager Pro
Server applications / Other server solutions

PAM 360
Server applications / Other server solutions

Key Manager Plus
Server applications / Other server solutions

Endpoint DLP
Server applications / Other server solutions

Endpoint Central MSP
Server applications / Other server solutions

Endpoint Central
Server applications / Other server solutions

Device Control Plus
Server applications / Other server solutions

ManageEngine Browser Security Plus
Server applications / Other server solutions

ManageEngine Application Control Plus
Server applications / Other server solutions

ManageEngine Analytics Plus
Server applications / Other server solutions

Zoho ManageEngine ServiceDesk Plus MSP
Server applications / Other server solutions

Remote Monitoring and Management (RMM)
Server applications / Remote management servers, RDP, SSH

OS Deployer
Server applications / Remote management servers, RDP, SSH

Zoho ManageEngine ADAudit Plus
Server applications / Remote management servers, RDP, SSH

Zoho ManageEngine Remote Access Plus
Web applications / Remote management & hosting panels

ManageEngine AssetExplorer
Web applications / Remote management & hosting panels

Zoho ManageEngine ServiceDesk Plus
Web applications / Remote management & hosting panels

Zoho ManageEngine ADManager Plus
Client/Desktop applications / Software for system administration

Zoho ManageEngine ADSelfService Plus
Client/Desktop applications / Software for system administration

Zoho ManageEngine SupportCenter Plus
Universal components / Libraries / Software for developers

Vendor: ManageEngine (Zoho Corporation)

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Input validation error

EUVDB-ID: #VU71210

Risk: Critical

CVSSv3.1:

CVE-ID: CVE-2022-47966

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to compromise the affected system.

The vulnerability exists because the affected products bundle an outdated version of the Apache Santuario XML Security library, which is used to verify the XML signature on SAML responses when SAML-based SSO is configured. A remote non-authenticated attacker can submit a specially crafted SAML response whose signature carries an attacker-supplied XSLT transform; the outdated library applies the transform while computing the reference digest, before the signature itself is checked, so the attacker's XSLT is executed on the server and can be used to run arbitrary code. No valid identity-provider signature is needed, which is why the issue is both an authentication bypass and a remote code execution.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install the fixed build for each affected product from the vendor's website (see the vulnerable software versions below; the fix updates the bundled Apache Santuario library).

Note, the vulnerability affects systems with SAML-based SSO configured. Per the vendor advisory, some products are exploitable only while SAML SSO is currently enabled, while others remain exploitable if SAML SSO was enabled at any point in the past, even if it has since been disabled; check the product's group in the linked advisory rather than relying on the current SSO setting. Because the vulnerability is being exploited in the wild, an unpatched instance that has been reachable with SAML SSO configured should be reviewed for signs of compromise, not only patched.
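A detection check for the signature-transform abuse described above, added here as an example (it is not part of this bulletin, the vendor's code, or any published exploit): it decodes a SAMLResponse form parameter, lists the ds:Transform algorithms on the signature reference, and flags the XSLT transform algorithm that the outdated library would execute. A legitimate identity provider only uses the enveloped-signature and canonicalization transforms, so anything else is treated as unexpected. The two sample responses and the request-log lines are constructed; the /SamlResponseServlet path is the SAML assertion-consumer endpoint cited in public analyses of this CVE and is assumed here.

```python
import base64
import xml.etree.ElementTree as ET

# XML namespaces / algorithm identifiers used by XML-DSig on a SAML 2.0 response
DS = "http://www.w3.org/2000/09/xmldsig#"
XSLT_TRANSFORM = "http://www.w3.org/TR/1999/REC-xslt-19991116"

# Transforms a SAML identity provider legitimately applies to a signed
# Response/Assertion. Any other algorithm inside ds:Transform is unexpected.
ALLOWED_TRANSFORMS = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
}

# Assumed path of the SAML assertion-consumer endpoint (from public write-ups).
SAML_ENDPOINT = "/SamlResponseServlet"


def classify_saml_response(saml_response_b64: str) -> tuple[str, list[str]]:
    """Classify one SAMLResponse parameter value.

    Returns (verdict, unexpected_transforms) where verdict is one of
      "malformed"         - not valid base64 or not well-formed XML
      "xslt-transform"    - a ds:Transform uses XSLT (CVE-2022-47966 indicator)
      "unknown-transform" - a ds:Transform uses an algorithm not in the allow-list
      "benign"            - only expected transforms present
    xml.etree does not fetch external entities, but for production use a
    hardened parser (e.g. defusedxml) to also block entity-expansion DoS.
    """
    try:
        xml_bytes = base64.b64decode(saml_response_b64, validate=True)
        root = ET.fromstring(xml_bytes)
    except (ValueError, ET.ParseError):
        return "malformed", []

    unexpected = [
        t.get("Algorithm", "")
        for t in root.iter(f"{{{DS}}}Transform")
        if t.get("Algorithm", "") not in ALLOWED_TRANSFORMS
    ]
    if XSLT_TRANSFORM in unexpected:
        return "xslt-transform", unexpected
    if unexpected:
        return "unknown-transform", unexpected
    return "benign", []


def scan_request_log(lines: list[str]) -> list[tuple[int, str]]:
    """Scan constructed request-log lines of the form
    'METHOD PATH SAMLResponse=<base64>' and return (line_no, verdict)
    for every post to the SAML endpoint that is not benign."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split(" ", 2)
        if len(parts) < 3 or parts[1] != SAML_ENDPOINT:
            continue
        if not parts[2].startswith("SAMLResponse="):
            continue
        verdict, _ = classify_saml_response(parts[2][len("SAMLResponse="):].strip())
        if verdict != "benign":
            hits.append((n, verdict))
    return hits


def _signed_response(transforms_xml: str) -> str:
    # Constructed minimal SAML 2.0 Response; digest and signature values are dummies.
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1" Version="2.0">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_resp1">
        <ds:Transforms>{transforms_xml}</ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>AAAA</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
  </ds:Signature>
</samlp:Response>"""


# Constructed samples: a normal IdP response and one carrying an XSLT transform
# (the stylesheet body is a harmless placeholder; the indicator is the algorithm).
BENIGN_XML = _signed_response(
    '<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>'
    '<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
)
EVIL_XML = _signed_response(
    '<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>'
    '<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
    f'<ds:Transform Algorithm="{XSLT_TRANSFORM}">'
    '<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">'
    '<xsl:template match="/"/></xsl:stylesheet></ds:Transform>'
)
BENIGN_B64 = base64.b64encode(BENIGN_XML.encode()).decode()
EVIL_B64 = base64.b64encode(EVIL_XML.encode()).decode()

SAMPLE_LOG = [
    f"POST {SAML_ENDPOINT} SAMLResponse={BENIGN_B64}",
    "GET /index.html -",
    f"POST {SAML_ENDPOINT} SAMLResponse={EVIL_B64}",
    f"POST {SAML_ENDPOINT} SAMLResponse=not%base64",
]

if __name__ == "__main__":
    for line_no, verdict in scan_request_log(SAMPLE_LOG):
        print(f"line {line_no}: {verdict}")
```

Malformed input is reported rather than silently skipped, because an attacker probing the endpoint may send junk before a working payload, and a parse failure on the detector's side must not become a blind spot. The allow-list approach also catches other non-standard transforms that a hardened Santuario would reject but a monitoring pipeline would otherwise ignore.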

Vulnerable software versions

ManageEngine Access Manager Plus: 4.1 4100 - 4.3 4307

Vulnerability Manager Plus: before 10.1.2220.18

Remote Monitoring and Management (RMM): before 10.1.41

Zoho ManageEngine Remote Access Plus: before 10.1.2228.11

Patch Manager Plus: before 10.1.2220.18

Password Manager Pro: before 12124

PAM 360: before 5713

OS Deployer: before 1.1.2243.1

Key Manager Plus: before 6401

Endpoint DLP: before 10.1.2137.6

Endpoint Central MSP: before 10.1.2228.11

Endpoint Central: before 10.1.2228.11

Device Control Plus: before 10.1.2220.18

ManageEngine Browser Security Plus: before 11.1.2238.6

ManageEngine Application Control Plus: before 10.1.2220.18

ManageEngine Analytics Plus: before 5150

Zoho ManageEngine ADManager Plus: before 7162

Zoho ManageEngine Active Directory 360: before 4310

ManageEngine AssetExplorer: before 6983

Zoho ManageEngine ServiceDesk Plus MSP: before 13001

Zoho ManageEngine SupportCenter Plus: before 11026

Zoho ManageEngine ADAudit Plus: before 7081

Zoho ManageEngine ADSelfService Plus: before 6211

Zoho ManageEngine ServiceDesk Plus: before 14.0 14004


External links

http://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html

Q & A

Can this vulnerability be exploited remotely?

Yes. The vulnerability can be exploited over the network by a remote non-authenticated attacker.

How can the attacker exploit this vulnerability?

The attacker sends a specially crafted SAML response to an affected instance that has SAML-based SSO configured; no credentials are required.

Is there known malware which exploits this vulnerability?

This bulletin does not name a specific malware family, but the vulnerability is being actively exploited in the wild (see Description).
