PT-2022-6328 · Zoho · Zoho Manageengine Admanager Plus +4

Published: 2022-07-29 · Updated: 2022-09-05 · CVE-2022-37024

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine OpManager versions prior to 2022-07-29
Zoho ManageEngine OpManager Plus versions prior to 2022-07-29
Zoho ManageEngine OpManager MSP versions prior to 2022-07-29
Zoho ManageEngine Network Configuration Manager versions prior to 2022-07-29
Zoho ManageEngine NetFlow Analyzer versions prior to 2022-07-29
Zoho ManageEngine OpUtils versions prior to 2022-07-29

Description

The vulnerability stems from insufficient input validation when handling packets and can be exploited by a remote attacker to execute arbitrary code. An authenticated user can make database changes that lead to remote code execution. The flaw is a command injection in the getDNSResolveOption command.

Recommendations

For Zoho ManageEngine OpManager versions prior to 2022-07-29, update to a version released after 2022-07-29.
For Zoho ManageEngine OpManager Plus versions prior to 2022-07-29, update to a version released after 2022-07-29.
For Zoho ManageEngine OpManager MSP versions prior to 2022-07-29, update to a version released after 2022-07-29.
For Zoho ManageEngine Network Configuration Manager versions prior to 2022-07-29, update to a version released after 2022-07-29.
For Zoho ManageEngine NetFlow Analyzer versions prior to 2022-07-29, update to a version released after 2022-07-29.
For Zoho ManageEngine OpUtils versions prior to 2022-07-29, update to a version released after 2022-07-29.

As a temporary workaround, consider disabling the getDNSResolveOption command until a patch is available.

Tags: Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2023-00932
CVE-2022-37024
ZDI-22-1179
ZDI-22-1183
ZDI-22-1184

Affected Products

Zoho Manageengine Netflow Analyzer
Zoho Manageengine Network Configuration Manager
Zoho Manageengine Opmanager
Zoho Manageengine Admanager Plus
Zoho Manageengine Oputils