Authenticated Command Injection Vulnerability in Zoho ManageEngine ServiceDesk Plus
CVE-2022-40770

7.2HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Servicedesk Plus
Vendor: CVE Published:; 23 November 2022

What is CVE-2022-40770?

Zoho ManageEngine ServiceDesk Plus versions 13010 and earlier are susceptible to a vulnerability that allows authenticated high-privileged users to execute arbitrary commands on the server. This exploitation can lead to unauthorized access and control over sensitive system functions, posing significant risks to data integrity and confidentiality. Organizations using affected versions should prioritize applying available patches to mitigate this threat.

References

https://manageengine.com

https://www.manageengine.com/products/service-desk/CVE-20...

EPSS Score

80% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2022
Vulnerability Reserved
Sep 18, 2022

Zohocorp

What is CVE-2022-40770?

References

EPSS Score

CVSS V3.1

Timeline