Remote Command Execution Vulnerability in Zoho ManageEngine ADSelfService Plus
CVE-2022-28810

6.8MEDIUM

Key Information:

Vendor

Zohocorp
Status
Manageengine Adselfservice Plus
Vendor
CVE Published:
18 April 2022

Badges

👾 Exploit Exists🟣 EPSS 91%🦅 CISA Reported

What is CVE-2022-28810?

A vulnerability in Zoho ManageEngine ADSelfService Plus allows a remote authenticated administrator to execute arbitrary operating system commands as SYSTEM using the policy custom script feature. The presence of a default administrator password enables attackers to exploit this vulnerability with relative ease. Furthermore, a remote or partially authenticated attacker may manipulate the custom script function due to an unsanitized password field, potentially leading to unauthorized command execution.

CISA has reported CVE-2022-28810

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2022-28810 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

References

https://www.manageengine.com/products/self-service-passwo...
x_refsource_MISC
http://packetstormsecurity.com/files/166816/ManageEngine-...
x_refsource_MISC
https://github.com/rapid7/metasploit-framework/pull/16475
x_refsource_MISC

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.