ManageEngine OpManager Vulnerable to Remote Code Execution
CVE-2024-5466

8.8HIGH

Key Information:

Vendor: Manageengine
Status: Opmanager, Remote Monitoring And Management
Vendor: CVE Published:; 23 August 2024

Summary

ZohoCorp's ManageEngine OpManager and Remote Monitoring and Management are affected by an authenticated remote code execution vulnerability. This flaw, present in versions 128329 and below, allows attackers to exploit the deploy agent option, potentially leading to unauthorized execution of malicious code within the system. Users of these products should prioritize reviewing their configurations and applying necessary updates to mitigate associated risks.

Affected Version(s)

OpManager, Remote Monitoring and Management 0 <= 128329

References

https://www.manageengine.com/itom/advisory/cve-2024-5466....

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
May 29, 2024