PT-2023-7422 · Manageengine · Zoho Manageengine Admanager Plus

Simon Humbert

Publicado

2023-01-12

Atualizado

2025-03-17

CVE-2023-29084

CVSS v2.0

8.3

Alta

Vetor

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ManageEngine ADManager Plus versions prior to 7181

Description The issue allows for authenticated users to exploit command injection via Proxy settings. This is due to the lack of neutralization of special elements used in the operating system command. Exploitation of the issue may allow a remote attacker to execute arbitrary code.

Recommendations For versions prior to 7181, update to version 7181 or later to resolve the command injection issue in the Proxy settings. As a temporary workaround, consider restricting access to the Proxy settings until a patch is available.

Exploit

Correção

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-77

Identificadores relacionados

BDU:2023-08459

CVE-2023-29084

ZDI-23-438

Produtos afetados

Zoho Manageengine Admanager Plus

PT-2023-7422 · Manageengine · Zoho Manageengine Admanager Plus

CVE-2023-29084

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19