ManageEngine - Remote Code Execution (CVE-2022-47966)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
ManageEngine server is vulnerable to CVE-2022-47966, a Remote Code Execution vulnerability in the /SamlResponseServlet endpoint. The vulnerability allows an attacker to gain Remote Code Execution by issuing an HTTP POST request containing a malicious SAML response. This vulnerability is a result of using an outdated version of Apache Santuario for XML signature validation.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade ManageEngine to the latest version.
- References
https://nvd.nist.gov/vuln/detail/CVE-2022-47966
https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Jan 2023
- Published at
- Updated at
- Software Type
- Service management
- Vendor
- ManageEngine
- Product
- Zoho
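
For defenders reviewing exposure before or after the upgrade, the sketch below (an added example, not part of the original entry or of any vendor tooling) scans web access logs for HTTP POST requests to the /SamlResponseServlet endpoint described above and lists the sources outside the networks your SSO users normally come from. The combined access-log format, the `user_networks` parameter and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Endpoint named in the vulnerability description; matched case-insensitively.
ENDPOINT = "/samlresponseservlet"

# Assumed combined/common access-log layout: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_saml_posts(lines):
    """Return {client: [(timestamp, status), ...]} for POSTs to the SAML endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string and a trailing slash; allow a context-path prefix.
        path = m["target"].split("?", 1)[0].rstrip("/").lower()
        if path.endswith(ENDPOINT):
            hits[m["client"]].append((m["ts"], int(m["status"])))
    return dict(hits)

def unexpected_sources(hits, user_networks):
    """Clients that are not inside any CIDR range where SSO users are expected."""
    nets = [ipaddress.ip_network(n) for n in user_networks]
    flagged = []
    for client in hits:
        try:
            addr = ipaddress.ip_address(client)
            known = any(addr in net for net in nets)
        except ValueError:  # logged as a hostname: cannot be matched, so review it
            known = False
        if not known:
            flagged.append(client)
    return sorted(flagged)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - - [18/Jan/2023:09:12:01 +0000] "POST /SamlResponseServlet HTTP/1.1" 302 0',
    '198.51.100.23 - - [18/Jan/2023:09:14:44 +0000] "POST /SamlResponseServlet HTTP/1.1" 500 312',
    '198.51.100.23 - - [18/Jan/2023:09:14:50 +0000] "GET /SamlResponseServlet HTTP/1.1" 405 0',
    '192.0.2.10 - - [18/Jan/2023:09:20:03 +0000] "POST /samlresponseservlet?x=1 HTTP/1.1" 200 0',
    '10.20.0.7 - - [18/Jan/2023:09:21:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    hits = find_saml_posts(SAMPLE_LOG)
    for client in unexpected_sources(hits, ["10.20.0.0/16"]):
        print(client, hits[client])
```

If SAML single sign-on is not in use on the server, pass an empty `user_networks` list so that every POST to the endpoint is reported for review.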