Server-Side Request Forgery in ManageEngine Desktop Central
CVE-2023-4769

8.8HIGH

Key Information:

Vendor: ManageEngine
Status: Desktop Central
Vendor: CVE Published:; 3 November 2023

Summary

An SSRF vulnerability has been identified in ManageEngine Desktop Central, particularly in the /smtpConfig.do component. This flaw may allow authenticated attackers to conduct targeted attacks, including cross-port exploitation and service enumeration, by crafting malicious HTTP requests. Attackers can leverage this vulnerability to gain unauthorized access to internal services or execute other disruptive maneuvers within the network environment.

Affected Version(s)

Desktop Central 9.1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2023
Vulnerability Reserved
Sep 5, 2023

Credit

Rafael Pedrero