CVE-2023-47211

Name of the Vulnerable Software and Affected Versions ManageEngine OpManager version 12.7.258

Description A directory traversal vulnerability exists in the uploadMib functionality, allowing an attacker to send a malicious MiB file and trigger the vulnerability, potentially leading to arbitrary file creation. This issue is related to incorrect restriction of a directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code. Approximately 6,971 devices are potentially affected, mainly distributed in China and the United States.

Recommendations For ManageEngine OpManager version 12.7.258, consider disabling the uploadMib functionality until a patch is available to prevent exploitation. Restrict access to the uploadMib feature to minimize the risk of arbitrary file creation. Avoid using the uploadMib functionality with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.