ManageEngine Password Manager Pro & PAM360 - Remote Code Execution (CVE-2022-35405)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
ManageEngine Password Manager Pro & PAM360 is affected by a Remote Code Execution vulnerability. By exploiting the CVE-2022-35405 vulnerability, an attacker can send an XML-RPC serialized java object to the /xmlrpc endpoint. This may potentially cause remote code execution, allowing a malicious unauthenticated attacker to execute arbitrary code on the ManageEngine server.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the ManageEngine server to steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade the ManageEngine server to a version higher than 12.1 (12100) for Password Manager PRO and a version higher than 5.5 (5500) for PAM360.
- References
https://nvd.nist.gov/vuln/detail/CVE-2022-35405
https://www.manageengine.com/products/passwordmanagerpro/advisory/rce.html
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Jun 2022
- Published at
- Updated at
- Software Type
- Single Sign-On (SSO)
- Vendor
- ManageEngine
- Product
- Password Manager Pro, PAM360