Remote Code Execution Vulnerability in Zoho ManageEngine ADSelfService Plus
CVE-2018-5353

9.8 CRITICAL

Key Information:

Vendor: Zohocorp

CVE Published: 30 September 2020

Badges

👾 Exploit Exists, 🟡 Public PoC, 🟣 EPSS 15%

What is CVE-2018-5353?

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus prior to version 5.5 build 5517 is susceptible to a remote code execution vulnerability. The module does not authenticate the intended server before launching a browser window, which allows unauthenticated attackers to conduct spoofing attacks. Successful exploitation can lead to code execution in the context of the WinLogon.exe process. The vulnerability is further exacerbated in environments where Network Level Authentication is not enforced, as it can then be exploited through Remote Desktop Protocol (RDP). Additionally, if the web server's certificate is misconfigured, no spoofing attack is needed.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability Reserved